I am experiencing problems with only one VPN Client (for releases 3.3 and earlier) being able to connect through a Port Address Translation (PAT) device. What can I do to alleviate this problem?
A. There was a bug in several Network Address Translation (NAT)/PAT implementations that causes ports less than 1024 not to be translated. On the VPN Client 3.1, even with NAT transparency enabled, the Internet Security Association and Key Management Protocol (ISAKMP) session uses UDP 512. The first VPN Client goes through the PAT device and keeps source port 512 on the outside. When the second VPN Client connects, port 512 is already in use. The attempt fails. There are three possible workarounds. • Fix the PAT device. • Upgrade the VPN Clients to 3.4 and use TCP encapsulation. • Install a VPN 3002 that replaces all VPN Clients.
Related Questions
- I am experiencing problems with only one VPN Client (for releases 3.3 and earlier) being able to connect through a Port Address Translation (PAT) device. What can I do to alleviate this problem?
- When I attempt to connect the Cisco VPN Client on a Mac OS, I receive this error message: Error 51- Unable to communication with the VPN subsystem. How can I resolve this issue?
- BlackBerry client is not able to connect to server?
