Cisco VPN + Win XP SP2 Firewall

majick
Level 1

We started testing Windows XP SP2 last week and have run into an interesting issue. If you enable the XP SP2 Firewall services it will disrupt Cisco VPN from establishing a connection over TCP. I've created an exception for the application, but that doesn't resolve the issues.

Note: if you change the connection to UDP/10000 it works just fine, but IPSec thru NAT over TCP/443 will not work.

Using "capture" on my PIX I can compare a successful connection (firewall off) and a failed connection (firewall on). On the failed attempt the ACK packet from the host to the VPN concentrator is blocked. Unfortunately the WinXP debugging is essentially useless.

Has anyone run into a similar issue? Any assistance would be appreciated.

Accepted Solutions

jwerschky
Level 1

Create an exception in the Windows Firewall to allow port 62515/udp. The scope should be any computer. It is my understanding that Cisco is working on an updated version of the client that will address this, but this should work in the interim.

Thanks - that did the trick! Bit of an ugly/odd workaround, but it worked. Do you happen to know what the requirement for this exception is based on?

What version client are you using?