Cisco PIX accepts only one Cisco VPN Client connection per public IP
Posted on 2006-05-07
There is a Cisco PIX506E accepting connections from numerous Cisco VPN Clients (Version 4.6). It worked rather well, until I had to add a new site-to-site VPN over IPSec. This somehow caused existing VPN Client users to be able to connect only one PC per location. For instance, in a house with three computers, each having VPN client software, only the first PC would be able to connect. The other two would fail during IKE phase I while negotiating security.
...and this does not appear to be the UDP problem, as suggested by some; enabling "NAT traversal" didn't help. It has been on and it is on now.
The PIX can accept connections, so long as it's the first connection coming from a given NATted subnet.
There are exceptions to this. Some locales seem to be able to connect however many VPN clients.
Any help, especially how/why it happens, is highly appreciated.