04-05-2005 11:12 AM - edited 02-21-2020 01:42 PM
Hello there,
1. Has anybody had any issues with VPN client 4.6 and ZLID (Zone Labs)? After installing the client, ZLID needs to be re-installed.
2. Does VPN client work well with proxies? I cannot establish a VPN tunnel from hotels/airports. And the possible culprit is a proxy.
Any input would be appreciated.
Carlos T.
IBM Network Analyst
04-06-2005 04:17 AM
You may need to enable nat-t (aka transparent tunneling) on the client end for the vpn connection to connect via a proxy or a nat/pat device. In addition, the vpn gateway has to be configured accordingly. If the vpn gateway is a vpn 3000 concentrator device, NAT-T can be enabled.
I believe that the integrated firewall that comes with the cisco vpn client has a scaled-down zone-labs firewall, or has code in common with it. The vpn client release notes are located at:
http://www.cisco.com/en/US/products/sw/secursw/ps2308/prod_release_notes_list.html
The notes may be able to answer your question with regards to ZLID.
Let me know if you still have any questions.
04-06-2005 06:50 AM
Hi Ehirsel,
Thank you for your response. I am using NAT-T with UDP and/or TCP/IP using different ports (i.e. 80) on the client. Now, I could not find anything related to NAT-T (transparent tunneling) on the VPN 3000 Concentrators (model 3030 to be exact). I found "Split Tunneling Policy." And, I am using "only tunnel networks on the list" option. Any other ideas?
Thank you,
Carlos T.
04-07-2005 06:48 AM
This link is to the 3030 code release config guide for different versions:
At the 3030 config go to: Configuration | Tunneling and Security | IPSec | NAT Transparency Screen to ensure that nat-t is enabled as well as ipsec/tcp.
FYI, especially with udp if there are firewalls between the client and the 3030, they will need to enable connections from the client to 3030 udp port 4500 (nat-t or ipsec/udp) or allow tcp connections to 3030 tcp port xxx, where xxx is the port that the concentrator is listening on. Note if you use 80 or 443 for the tcp port then check the tunneling protocols config to ensure that http and https access (i.e., web-vpn) are not conflicting with what is chosen for ipsec/tcp. I would use port 10000 for ipsec/tcp.
One question: what response is the client getting? Does the vpn connection timeout with a message that the remote peer cannot be reached (or some words to that effect)?
Let me know if this helps.