03-14-2005 12:30 PM
Hi,
Is anyone aware of the limit on the number of outbound VPN Client [Cisco or Nortel] sessions from behind a Cisco 2800 series router [running IOS release 12.3T]?
Thanks,
Rajesh
03-14-2005 03:02 PM
Depends on the type of transport method used on the VPN Client: Pure IPSec, Transparent Tunneling, or NAT-T.
**Transparent Tunneling, or NAT-T**
Outbound VPN sessions should only be restricted by the NAT table limitations if UDP over IPSec (Transparent Tunneling or NAT-T) is used.
Your Cisco 2800 should just see the sessions as typical client/server sessions (UDP) as all the "VPN (IPSec)" packets will be encapsulated in UDP (per NAT-T or TT). All of the actual processing will take place on:
A - the workstation with VPN Client
B - the headend VPN Gateway being accessed
Your limitations will be the NAT Table (memory consumption) on the Cisco 2800 (pass-through for outbound) and the amount of VPN Tunnels on whatever head-end VPN Gateway is being accessed (remote device-inbound).
**Pure IPSec**
If you are trying to source multiple pure IPSec tunnels from behind the router, then you may run into problems (mainly with NAT/PAT).
03-14-2005 03:28 PM
Yes, I am trying NAT-Traversal [UDP:10,000]. Is there a specific IOS version required for this function? In the past, a second VPN Client session from behind a 2600 router would terminate the first session.
Thanks,
Rajesh
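Added example (not part of the original thread, and not IOS code): a simplified Python model of a PAT table, showing why UDP-encapsulated sessions each get their own translation entry while pure ESP sessions to the same headend can collide. It assumes a PAT device that tracks ESP by remote peer only; the `PatTable` class, the `simulate` helper and all addresses are constructed for illustration.

```python
"""Simplified PAT (NAT overload) model; constructed example, not IOS behaviour."""
from dataclasses import dataclass, field


@dataclass
class PatTable:
    next_port: int = 1024                        # next free public source port
    out: dict = field(default_factory=dict)      # inside UDP flow -> public port
    inbound: dict = field(default_factory=dict)  # reply-matching key -> inside host

    def translate(self, proto, inside_ip, inside_port, peer_ip, peer_port):
        """Record an outbound flow; return the key that return traffic will match."""
        if proto == "udp":
            flow = (inside_ip, inside_port, peer_ip, peer_port)
            if flow not in self.out:
                # UDP carries ports, so every client gets a unique public port.
                self.out[flow] = self.next_port
                self.next_port += 1
            key = ("udp", self.out[flow], peer_ip, peer_port)
        else:
            # ESP (IP protocol 50) has no ports. Assumption: the device can only
            # key the reply on the remote peer, so the newest client wins.
            key = ("esp", peer_ip)
        self.inbound[key] = inside_ip
        return key

    def deliver(self, key):
        """Return the inside host that would receive traffic matching this key."""
        return self.inbound.get(key)


def simulate(proto, clients, headend="198.51.100.10", port=10000):
    """Open one session per client to the same headend, then check that return
    traffic still reaches each client. UDP 10000 is the port named in the thread."""
    table = PatTable()
    keys = {c: table.translate(proto, c, port, headend, port) for c in clients}
    reachable = {c: table.deliver(k) == c for c, k in keys.items()}
    return reachable, len(table.inbound)


if __name__ == "__main__":
    clients = ["10.0.0.11", "10.0.0.12"]  # constructed inside hosts
    for proto in ("udp", "esp"):
        print(proto, simulate(proto, clients))
```

In this model the UDP case is bounded only by the size of the translation table, while the ESP case holds a single entry per headend no matter how many clients connect.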