Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.

970
Views
0
Helpful
1
Replies
dgr48
Beginner
Beginner
‎02-11-2010 09:42 AM
‎02-11-2010 09:42 AM

SA-520 Firewall is blocking QVPN requests

Hi,

I have 2 SA-520 with the same behaviour, the FW is blocking QVPN requests:

Sat Jan  1 00:25:27 2000(GMT +0000)WARNFIREWALLKERNEL194.65.10.985.88.145.162[firewall] LOG_PACKET[DROP]  IN=WAN  OUT=SELF SRC=194.65.10.9 DST=85.88.145.162 PROTO=TCP SPT=1062 DPT=60443
Sat Jan  1 00:26:48 2000(GMT +0000)WARNFIREWALLKERNEL194.65.10.985.88.145.162[firewall] LOG_PACKET[DROP]  IN=WAN  OUT=SELF SRC=194.65.10.9 DST=85.88.145.162 PROTO=TCP SPT=1064 DPT=60443
Sat Jan  1 00:26:48 2000(GMT +0000)WARNFIREWALLKERNEL194.65.10.985.88.145.162[firewall] LOG_PACKET[DROP]  IN=WAN  OUT=SELF SRC=194.65.10.9 DST=85.88.145.162 PROTO=TCP SPT=1064 DPT=60443
Sat Jan  1 00:26:58 2000(GMT +0000)WARNFIREWALLKERNEL194.65.10.985.88.145.162[firewall] LOG_PACKET[DROP]  IN=WAN  OUT=SELF SRC=194.65.10.9 DST=85.88.145.162 PROTO=TCP SPT=1064 DPT=60443
Sat Jan  1 00:27:18 2000(GMT +0000)WARNFIREWALLKERNEL194.65.10.985.88.145.162[firewall] LOG_PACKET[DROP]  IN=WAN  OUT=SELF SRC=194.65.10.9 DST=85.88.145.162 PROTO=TCP SPT=1066 DPT=60443
Sat Jan  1 00:27:19 2000(GMT +0000)WARNFIREWALLKERNEL194.65.10.985.88.145.162[firewall] LOG_PACKET[DROP]  IN=WAN  OUT=SELF SRC=194.65.10.9 DST=85.88.145.162 PROTO=TCP SPT=1066 DPT=60443
Sat Jan  1 00:27:24 2000(GMT +0000)WARNFIREWALLKERNEL194.65.10.985.88.145.162[firewall] LOG_PACKET[DROP]  IN=WAN  OUT=SELF SRC=194.65.10.9 DST=85.88.145.162 PROTO=TCP SPT=1066 DPT=60443

I have the "Enable Remote Management?                " with a check on it!

In attach is the CFG.

Thanks in advanced.

Mário.

Labels:
64934-SA520.cfg
0 Helpful
1 REPLY 1
nmanglik
Cisco Employee
Cisco Employee
‎04-26-2010 09:46 AM
‎04-26-2010 09:46 AM

This may be late but in case others may find it useful.

Checked the attached configuration of SA520 and the remote management port is set to port 443. By default the QuickVPN client uses port 443 though the logs attached shows that the Destination port is 60443. Can you please check if the QuickVPN client port is set to 443?

Note: If you want to use port 60443, then set 60443 on the Remote management page of SA500 and also for QuickVPN client.

If the problem still persist and QuickVPN client is behind a NAT router, make sure the Firewall is enabled on the PC where the QuickVPN client is installed.

Also, the latest firmware 1.1.42 has fixed some known QVPN issues. You may want to upgrade to 1.1.42 and here is the link -

tools.cisco.com/support/downloads/go/Redirect.x?imageguid=68F68B2F1F9893C1E1AC99906461BDA7AD7B5F7E

0 Helpful
Latest Contents
Cybersecurity strategies for Small Business
Created by Kelli Glass on 04-14-2021 11:46 AM
0
0
0
0
Discover the cybersecurity strategies that small and midsize business (SMB) leaders are using to thrive in today's ever-evolving threat landscape. The Cisco Cybersecurity Report Series is a collection of thought leadership studies. This spin-off from our... view more
#CiscoChat Live - Thriving with Cybersecurity: The 2021 Secu...
Created by Kelli Glass on 04-06-2021 03:44 PM
0
0
0
0
Would you believe that small and midsize businesses (SMBs) can teach enterprises a thing or two about effective security? Learn in which areas SMBs excel as we share the highlights of our Security Outcomes Study for SMBs. Join us on Thursday, April 15 at ... view more
#CiscoChat Live - Thriving with Cybersecurity: The 2021 Secu...
Created by Kelli Glass on 04-06-2021 03:42 PM
5
0
5
0
Would you believe that small and midsize businesses (SMBs) can teach enterprises a thing or two about effective security? Learn in which areas SMBs excel as we share the highlights of our Security Outcomes Study for SMBs. Join us on Thursday, April 15 at... view more
Don't miss out on the Small Business sessions at Cisco Live
Created by Kelli Glass on 03-18-2021 11:02 AM
0
0
0
0
Depending on where you are in the world on March 30 – April 1, you can learn how The Future of Small Business is Cloud Delivered at Cisco Live 2021! With an all-access pass you’ll be able to register and watch. But, if you aren’t, you can still take part ... view more
Expand your influence & elevate your career through Cisco Ad...
Created by Kelli Glass on 03-12-2021 11:29 AM
0
5
0
5
Join more than 20K Cisco customers taking part in Cisco’s Global Advocacy program. Engage with Cisco leaders and industry experts, share your tech success story and exchange best practices with your peers around the world—the sky’s the limit. Here are ju... view more
This widget could not be displayed.