Multiple IPSEC over UDP VPN clients connecting to same WAN IP through pfSense
-
Situation:
VPN Client +
VPN Client +---(LAN)---|PFSENSE 1.2.3 RC2|---(WAN)---+Public IP
VPN Client +
VPN client is Juniper Netscreen Remote, an IPSEC VPN client connecting to UDP500.
On the public ip we have a Juniper Netscreen 25 on which NAT traversal is enabled (double checked).
pfSense has "Automatic outbound NAT rule generation (IPsec passthrough)" enabled, but we also tried with the other AON option.
We cannot connect more than 1 client at a time with the public ip, whilst from another network this works fine.
Can somebody explain to me how to debug this situation or point me to documentation on this issue?
This is the same question as posted in 2008 in topic http://forum.pfsense.org/index.php/topic,9842.msg55500/topicseen.html#msg55500.
-
When you tried the AON option, did you check the static port box?
-
I tried with an enable/disable of the option Static-port under "Firewall: NAT: Outbound: Edit : Translation".
No luck with either.
-
Do you have the option to create a tunnel from pfsense to the Netscreen 25 box instead of using the VPN clients? I'm just throwing out ideas.
-
As we are going to connect to that public ip on a continuous basis that might be a good workaround, but a less preferred one.
It would require me to read up on all the technical stuff because I have never established tunnels before and I'm a bit short on time.
Not that I'm lazy :)