Can I use different ip pools for different vpngroups on a PIX

dsteinfadt
Level 1

I have a PIX running 6.2(2) code and the 3.5.1 vpn client. I can set up different vpngroups that use the same local ip pool fine. But if I create a second ip pool and assign a vpngroup to use the new pool they hang at the "securing connection" entry on the client.

Using debug I see that the isakmp portion authenticated but the ipsec authentication fails with invalid ip address.

Partial config:

ip local pool userpool 192.168.101.1-192.168.101.254

ip local pool adminpool 192.168.102.1-192.168.102.254

vpngroup vpnLand address-pool userpool

vpngroup vpnLand split-tunnel 102

vpngroup vpnLand idle-time 1800

vpngroup vpnLand password ********

vpngroup vpnallands address-pool userpool

vpngroup vpnallands split-tunnel 102

vpngroup vpnallands idle-time 1800

vpngroup vpnallands password ********

vpngroup vpnPHX address-pool userpool

vpngroup vpnPHX split-tunnel 102

vpngroup vpnPHX idle-time 1800

vpngroup vpnPHX password ********

vpngroup vpnTRU address-pool userpool

vpngroup vpnTRU split-tunnel 102

vpngroup vpnTRU idle-time 1800

vpngroup vpnTRU password ********

vpngroup admin address-pool adminpool

vpngroup admin split-tunnel 102

vpngroup admin idle-time 1800

vpngroup admin password ********

The vpngroup admin will not authenticate unless its pool is set to userpool. If I delete userpool then vpngroup admin will work with adminpool, but obviously the others will not. When I recreate userpool the others work but admin stops.

Is this a supported configuration? I was told with 6.0 it was not. But with 6.2 and pdm2.0 it implies it does (at least it lets me configure it that way).

2 Replies

yusuff
Cisco Employee

Did you make sure that you have included both the userpool and adminpool in your nat 0 access-list ?

R/Yusuf

Hi. I'm experiencing the same problem. Here's my NAT 0 statement:

nat (inside) 0 access-list inside_outbound_nat0_acl

Where do you insert the ip pool config?

Thanks. Shawn.
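
The check raised in the first reply, as an added example that is not from the thread: a short Python audit that reads PIX-style config text and reports every vpngroup whose address pool is not covered by a destination entry in the access-list bound to nat 0. The pool and vpngroup lines follow the posted partial config; the inside network 10.1.1.0/24 and the access-list entry are constructed for illustration, and only the "permit ip <src> <mask> <dst> <mask>" ACL form is parsed.

```python
import ipaddress

# Constructed sample: pools and vpngroups follow the thread; the inside
# network 10.1.1.0/24 and the ACL entry are assumed for illustration.
SAMPLE_CONFIG = """\
access-list inside_outbound_nat0_acl permit ip 10.1.1.0 255.255.255.0 192.168.101.0 255.255.255.0
ip local pool userpool 192.168.101.1-192.168.101.254
ip local pool adminpool 192.168.102.1-192.168.102.254
nat (inside) 0 access-list inside_outbound_nat0_acl
vpngroup vpnLand address-pool userpool
vpngroup admin address-pool adminpool
"""

def pools_missing_from_nat0(config):
    """Return {vpngroup: pool} for pools not fully covered by the nat 0 ACL."""
    pools, groups, acls, nat0_acls = {}, {}, {}, set()
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["ip", "local", "pool"] and len(tok) >= 5:
            first, last = tok[4].split("-")
            pools[tok[3]] = (ipaddress.ip_address(first), ipaddress.ip_address(last))
        elif tok[:1] == ["vpngroup"] and len(tok) == 4 and tok[2] == "address-pool":
            groups[tok[1]] = tok[3]
        elif tok[:1] == ["nat"] and len(tok) >= 5 and tok[2:4] == ["0", "access-list"]:
            nat0_acls.add(tok[4])
        elif tok[:1] == ["access-list"] and len(tok) == 8 and tok[2:4] == ["permit", "ip"]:
            # PIX ACLs take subnet masks; the destination is tokens 6 and 7.
            dst = ipaddress.ip_network(f"{tok[6]}/{tok[7]}", strict=False)
            acls.setdefault(tok[1], []).append(dst)
    # Destination networks exempted from NAT by any ACL bound to nat 0.
    exempt = [net for name in nat0_acls for net in acls.get(name, [])]
    missing = {}
    for group, pool in groups.items():
        if pool not in pools:
            missing[group] = pool  # vpngroup references an undefined pool
            continue
        first, last = pools[pool]
        if not any(first in net and last in net for net in exempt):
            missing[group] = pool
    return missing

if __name__ == "__main__":
    for group, pool in pools_missing_from_nat0(SAMPLE_CONFIG).items():
        print(f"vpngroup {group}: pool {pool} is not in the nat 0 access-list")
```
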
