[c-nsp] pix vpn problem

Church, Charles cchurc05 at harris.com
Wed Sep 26 12:17:32 EDT 2007


Most likely a problem on the NAT box.  I'm guessing that both users are
trying to use standard IPSec protocol for IKE and ESP.  The problem is
the NAT box knows about IPSec, and maps incoming IPSec to a certain
inside device.  But when the second client establishes a connection, the
NAT box no longer knows what inside client to send it to, so the first
one gets dropped.  Have one (or both) of the clients change to a
tunneled mode (over TCP or UDP), and the problem should go away.

Chuck Church
Principal Network Engineer, CCIE #8776
Harris Information Technology Services
EDS Contractor - Navy Marine Corps Intranet (NMCI)
1210 N. Parker Rd. | Greenville, SC 29609 
Office: 864-335-9473 | Cell: 864-266-3978

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Mark Messier
Sent: Wednesday, September 26, 2007 9:44 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] pix vpn problem

Hello,

A customer has a Cisco Pix (6.3) with remote users using
the cisco vpn client.  When they have two remote people
behind the same NAT box (which we don't control, perhaps
in a hotel) then only one of them can be connected at a
time.  When the second tries to connect, the first gets
disconnected.

Is this likely to be a problem with the (unknown) NAT box,
or on the PIX?  If on the PIX, is it fixable?

Thanks,
-mark

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
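
An added illustration (not part of either poster's message): a toy Python model of the NAT behaviour described in the reply above, where native ESP has no port numbers for the NAT to key on, while ESP carried inside UDP gets its own translated port per client. The addresses, UDP port 4500 and the one-slot-per-peer ESP table are assumptions made for the model, not details of the actual NAT box.

```python
ESP, UDP = 50, 17                            # IP protocol numbers
GATEWAY = "203.0.113.1"                      # constructed VPN gateway address
CLIENTS = ["192.168.1.10", "192.168.1.11"]   # constructed inside hosts


class NatBox:
    """Toy NAT: port translation for UDP, one passthrough slot per peer for ESP."""

    def __init__(self):
        self.udp_out = {}   # (inside_ip, inside_port, remote_ip) -> public_port
        self.udp_in = {}    # (public_port, remote_ip) -> inside_ip
        self.esp_in = {}    # remote_ip -> inside_ip (ESP has no ports to key on)
        self.next_port = 20000

    def outbound(self, proto, inside_ip, remote_ip, sport=None):
        if proto == ESP:
            self.esp_in[remote_ip] = inside_ip   # newest sender overwrites the slot
            return None
        key = (inside_ip, sport, remote_ip)
        if key not in self.udp_out:              # allocate a fresh public port
            self.udp_out[key] = self.next_port
            self.udp_in[(self.next_port, remote_ip)] = inside_ip
            self.next_port += 1
        return self.udp_out[key]

    def inbound(self, proto, remote_ip, dport=None):
        if proto == ESP:
            return self.esp_in.get(remote_ip)
        return self.udp_in.get((dport, remote_ip))


def reachable_clients(encapsulated):
    """Connect both clients, then list those that still receive return traffic."""
    nat, public_ports = NatBox(), {}
    for client in CLIENTS:
        if encapsulated:   # both clients use the same source port (assumed 4500)
            public_ports[client] = nat.outbound(UDP, client, GATEWAY, sport=4500)
        else:
            nat.outbound(ESP, client, GATEWAY)
    reachable = []
    for client in CLIENTS:
        dport = public_ports.get(client)
        proto = UDP if encapsulated else ESP
        if nat.inbound(proto, GATEWAY, dport) == client:
            reachable.append(client)
    return reachable


if __name__ == "__main__":
    print("native ESP:", reachable_clients(False))
    print("ESP in UDP:", reachable_clients(True))
```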