Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
901
Views
0
Helpful
2
Replies

ASA Allows only 1 IPSEC RAS VPN Client

Go to solution
phlitservices
Level 1
Level 1

‎11-13-2009 09:01 PM - edited ‎02-21-2020 03:47 AM

Hi All,

I have a strange issue where an ASA 5510 that is configured for IPSEC-over-udp RAS VPN is only allowing one (1) vpn client to pass traffic.

The other clients can connect successfully (obtain IP/DNS etc, auth using LDAP)but only the client that connected first is able to browse internal resources. The others show 0 packets decrypted when I check the statistics. I have confirmed that it is not an issue with the license as the default ipsec license allows up to 250 clients I believe. Has anyone had this problem in the past?

Tks,

Donavan

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hdashnau
Cisco Employee
Cisco Employee

‎11-14-2009 06:45 AM

This is usually a problem with the translations that are occuring on the NAT/PAT device in front of these multiple machines:

http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K71102938

Check that the translations look correct on that device first. There should be a translation for each VPN.

There were also a few bugs about multiple clients behind the same PAT, such as CSCse03299, but these had to do with IPSec over TCP connections.

-heather

View solution in original post

0 Helpful
2 Replies 2

Go to solution
hdashnau
Cisco Employee
Cisco Employee

‎11-14-2009 06:45 AM

This is usually a problem with the translations that are occuring on the NAT/PAT device in front of these multiple machines:

http://www.ciscotaccc.com/kaidara-advisor/security/showcase?case=K71102938

Check that the translations look correct on that device first. There should be a translation for each VPN.

There were also a few bugs about multiple clients behind the same PAT, such as CSCse03299, but these had to do with IPSec over TCP connections.

-heather

0 Helpful

Go to solution
phlitservices
Level 1
Level 1
In response to hdashnau

‎11-14-2009 09:19 PM

Thanks for your response Heather, only problem is that I don't have access to the NAT/PAT devices in front of the VPN clients - Most of the locations are public hotspots :)

Donavan

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card