05-15-2002 09:25 AM - edited 02-20-2020 10:03 PM
Hello,
I am having difficulty with several vendor/distributor offices that connect with our mainframe throughout the day. The distributors are using the VPN client, release 3.5.1.E. They connect to our PIX 525s running 6.1(1). The distributors that I am having the problem with are running either Linksys or some other small access device, using PAT. It seems that if one person starts a connection, other people in the office cannot. I have other offices in which everyone can connect, but these offices NAT. Is it possible for multiple VPN clients to work via PAT, is there something I have missed on my (PIX) end, or could it be the Linksys and Netopia-style small routers not doing PAT properly? Any suggestions are greatly appreciated.
05-17-2002 11:12 AM
When you say the distributors are running PAT, do you mean that the Linksys routers are doing the PAT, or actually Port Forwarding?
They would have to set up the ports for EACH of the IP addresses of the PCs that want to connect. Might they only have the ports set up for 1 address?
05-17-2002 11:41 AM
I just remembered: I had a similar problem last year, and when I checked with Linksys, they said multiple VPN/PAT wasn't supported. You may want to check with them now to see if there's new software.
08-15-2002 08:52 AM
We use a Linksys 4 port cable router for testing (with the latest rev as of last month), and yes, 1 connection is all that is able to go thru.
08-15-2002 11:14 AM
The issue is NAT (PAT) IPSec traversal.
Cisco VPN 3000 concentrator supports NAT traversal.
PIX currently does not (it may in the future).
Hope this helps.
11-18-2002 11:46 PM
For the router, you can configure the esp pat.
11-19-2002 07:24 AM
The esp pat feature in the router will only allow one single ipsec connection through, as you are mapping the entire protocol to that one address, so further connections will not be able to be used. Typically you cannot connect the cvpn client 3.x to a router or a pix behind a PAT device. Linksys is one of the exceptions, as they have a built-in esp pat feature that allows only one vpn client to connect using PAT. IOS now has that esp PAT feature, but this still only allows one single connection. The difference before was you couldn't connect the client when using PAT from behind an IOS router to a pix or router using ipsec, and now you can, but just one.
Kurtis Durrett
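A toy model of the behaviour described in the post above, added here as an illustration; it is not part of any poster's message and not any vendor's code. It assumes a PAT table that maps ESP (IP protocol 50, no ports) as a whole protocol to one inside host, and compares that with the same tunnels wrapped in UDP; the class, function names, addresses and port number are constructed for the example.

```python
ESP, UDP = 50, 17  # IP protocol numbers; the ESP header has no port fields


class PatRouter:
    """Toy PAT table (constructed model, not any vendor's implementation)."""

    def __init__(self, first_port=20000):
        self.next_port = first_port
        self.by_flow = {}      # (proto, inside_ip, inside_port) -> public_port
        self.by_port = {}      # (proto, public_port) -> inside_ip
        self.esp_owner = None  # ESP is mapped as a whole protocol to one host

    def outbound(self, proto, inside_ip, inside_port=None):
        """Create or reuse a mapping; return False if the packet is dropped."""
        if proto == ESP:
            if self.esp_owner is None:
                self.esp_owner = inside_ip  # first client claims the protocol
            return self.esp_owner == inside_ip
        flow = (proto, inside_ip, inside_port)
        if flow not in self.by_flow:
            self.by_flow[flow] = self.next_port
            self.by_port[(proto, self.next_port)] = inside_ip
            self.next_port += 1
        return True

    def inbound(self, proto, public_port=None):
        """Return the inside host a reply is delivered to, or None."""
        if proto == ESP:
            return self.esp_owner
        return self.by_port.get((proto, public_port))


def clients_with_working_tunnel(clients, encapsulated, src_port=4500):
    """Return the inside hosts whose tunnel replies actually reach them.

    src_port is an arbitrary value for this model, not a client setting.
    """
    router, working = PatRouter(), []
    for ip in clients:
        if encapsulated:
            # ESP wrapped in UDP: each client gets its own public port.
            router.outbound(UDP, ip, src_port)
            reply_to = router.inbound(UDP, router.by_flow[(UDP, ip, src_port)])
        else:
            # Native ESP: no ports, so replies go to the single owner only.
            router.outbound(ESP, ip)
            reply_to = router.inbound(ESP)
        if reply_to == ip:
            working.append(ip)
    return working


CLIENTS = ["192.168.1.10", "192.168.1.11", "192.168.1.12"]  # constructed
```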
02-13-2003 07:19 AM
Hi,
Our standard for home office is the Linksys also, and I had the same problem
with multiple clients behind the Linksys trying to use the VPN simultaneously.
If you change to TCP instead of UDP it should work.
02-21-2003 11:17 AM
We've had success using the Netopia R910 router to support multiple ipsec pass-through session requirements. It supports multiple sessions to a single destination point or multiple destination points. It's the only SOHO device I've found that has this functionality.