Solved: Re: PIX 506E and VPN client connections - Multiple connections

kyleh · ‎02-09-2003

I have a PIX 506E (6.2) w/3DES license and VPN client software 3.6.3. I am only using group username and password to authenticate. The first user connection works great. Whenever the second user connects, the first is terminated and the second works great. The product lit states I should be able to have 25 simultaneous connections either site-to-site or client.

Any help will greatly be appreciated, Kyle

gfullage · ‎02-09-2003

Are these two users at the same site, behind a device that is doing PAT? If so, then this device is causing the problem, not the PIX. The device is unable to properly translate IPsec packets. Unfortunately there's nothing you can do about it on the PIX, although the next release of software (6.3, available around March timeframe) will have support for NAT-T (which the client currently supports). Once both ends support NAT-T, they'll be able to tell there's a PAT device in between them and they'll automatically encapsulate everything in UDP packets, which your PAT device will be able to translate properly.

View solution in original post

gfullage · ‎02-09-2003

Are these two users at the same site, behind a device that is doing PAT? If so, then this device is causing the problem, not the PIX. The device is unable to properly translate IPsec packets. Unfortunately there's nothing you can do about it on the PIX, although the next release of software (6.3, available around March timeframe) will have support for NAT-T (which the client currently supports). Once both ends support NAT-T, they'll be able to tell there's a PAT device in between them and they'll automatically encapsulate everything in UDP packets, which your PAT device will be able to translate properly.

kyleh · ‎02-09-2003

Thank you and yes they are behind the same router doing PAT. I will run the test from two different cities to verify.

Again, thanks, KRH