IBM Support

Technote (troubleshooting)



Resolving the problem

To determine whether this APAR is fixed in your version of Lotus Mobile Connect, or to obtain the latest recommended maintenance, refer to:

Problem Summary
* USERS AFFECTED: Lotus Mobile Connect VPN users coming where  *
*                 a NAT/PAT device is inline before the        *
*                 Connection Manager server.                   *
* PROBLEM DESCRIPTION: If the NAT/PAT reassigns addresses      *
*                      too quickly, Mobile Connect may get     *
*                      into an infinite recursive loop until   *
*                      it crashes.  The wg.log reports         *
*                      thousands of decryption errors.         *
* RECOMMENDATION: Update to fixtext or 6.1.5                   *
Error handler put in place to catch this scenario and
recover gracefully.

Problem Conclusion
A formal fix for this problem will be
included in all product releases AFTER
6.1.4. For the 6.1.4 release a temporary fix
may be obtained from the IBM Mobile
Connect Support Center. To obtain this
APAR fix first check the List of Fixes to
determine which build level the fix is
included with. Secondly, check the IBM
Mobile Connect Recommended Maintenance
page for the latest available build for the
If the APAR you seek is not available in the
latest published Mobile Connect build you
may visit the IBM Mobile Connect On-line
Support Center at
lotus/ibm_mobile_connect or open a new PMR
by visting the ('Service Requests and PMRs')
page on the support site. If you need to reach
IBM Support in the U.S. call 1-800-IBM-SERV.
For Support outside of the U.S. please visit the
IBM Contacts page at to find the
direct dial support number for your

Error Description
Lotus Mobile Connect is in an evironment with a Network Address
Translator / Port Address Translator. In this specific case it
appears that the NAT / PAT is making all of the VPN Clients
appear to be the same address and is also reusing ports too
quickly. The result is that the VPN device records are
stomping on each other and causing confusion and looping within
LMC. In a wg.log file you would see thousands of decryption
errors within minutes.
LMC threading becomes confused and argumentative to the point
of not being able to work any longer, and the core dump is the

Local Fix

Document information

More support for: IBM Mobile Connect

Software version: 6.1.4

Operating system(s): AIX, Linux, Solaris, Windows

Reference #: 1621966

Modified date: 2013-01-09