From: Jason T. Rohm (jtrohm@rohmtech.com)
Date: Mon Apr 25 2005 - 12:43:34 GMT-3
I am having a weird problem that I just can't seem to wrap my brain around today.
I have a customer using the Cisco VPN3000 client in a conventional IPSec configuration. (Not IPSec over TCP or UDP). The endpoint is unknown, but it is not a VPN3000 concentrator. I suspect it is a PIX.
The customer was having problems opening multiple sessions from behind his router. I suspected that it was related to doing PAT, so I configured a large pool of addresses so he could do conventional NAT. This did NOT fix the problem.
I have confirmed that this is a router configuration problem by having the customer dial out and opening multiple sessions.
The router in question is a Cisco831 running 12.3(8)T6, IP Plus IPSec 3DES.
The NAT pool was larger than the total internal systems, and was not configured with the "overload" option.
The first attempt to open a connection always succeeds. However, attempts to open a second or third to the same end-point (from other machines) always fail.
Anyone have some ideas and/or a reference URL?
Thanks
Jason
This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:55:08 GMT-3