Error 412 for Cisco VPN Client

Charlie Mayes
Level 1

I am trying to connect to a VPN concentrator that is behind a 2600 router using NAT-T. I have 2 ports open for the NAT-T setup: port UDP 500 and port UDP 4500. My access-lists are set up to allow traffic NAT from a public IP to a 10.100.1.2 IP of the public interface for the VPN Concentrator. When I attempt to connect and then do a sh access-list, I have matches on UDP port 500, but the 4500 port is not showing any match attempts from the outside. It is like my software or computer is not even trying to connect using that port. Any ideas?

1 Reply

slmansfield
Level 4

It looks like you have a few questions posted about getting NAT-T to work to a VPN concentrator. Here's a good URL for troubleshooting VPN problems.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml

Make sure you've not only configured NAT-T on the concentrator but also that NAT-T is allowed through the public filter (on the public facing interface) on the concentrator.

To configure NAT-T, go to the Configuration | Tunneling and Security | IPSec | NAT Transparency menu and click the box that says "IPSec over NAT-T".

To add rules for NAT-T inbound and outbound to the concentrator, go to Configuration | Policy Management | Traffic Management | Filters. Highlight the Public filter (or whichever is your public-facing interface filter), then click on "Assign Rules to Filter". Select NAT-T in and NAT-T out.

The VPN client should be configured to "Enable Transparent Tunneling" with IPSEC over UDP.

HTH
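
The symptom in this thread (ACL matches on UDP 500, none on UDP 4500) can be checked mechanically from `show access-list` output; this is an added example, not code from either poster. With NAT-T, IKE starts on UDP 500 and the peers move to UDP 4500 only after both sides agree to NAT-T and detect a NAT in the path, so hits on 500 with none on 4500 mean the exchange never reached the port change, which fits the reply's advice to check the concentrator and client NAT-T settings. The sample output, addresses, counters and function names are constructed.

```python
import re

# Constructed `show access-list` output; addresses and counters are made up.
# IOS prints UDP 500 as "isakmp" and UDP 4500 as "non500-isakmp".
SAMPLE = """\
Extended IP access list 110
    10 permit udp any host 192.0.2.10 eq isakmp (14 matches)
    20 permit udp any host 192.0.2.10 eq non500-isakmp
    30 deny ip any any log (3 matches)
"""

PORT_NAMES = {"isakmp": 500, "500": 500, "non500-isakmp": 4500, "4500": 4500}

# Optional sequence number, "permit udp ... eq <port>", optional "(N matches)".
ENTRY = re.compile(
    r"^\s*(?:\d+\s+)?permit\s+udp\s+.*?\beq\s+(\S+)"
    r"(?:\s+\((\d+) match(?:es)?\))?\s*$"
)


def udp_hits(show_output):
    """Return {port: match_count} for permit-udp entries on ports 500 and 4500."""
    hits = {}
    for line in show_output.splitlines():
        m = ENTRY.match(line)
        if not m or m.group(1) not in PORT_NAMES:
            continue
        port = PORT_NAMES[m.group(1)]
        # An entry with no "(N matches)" suffix has never been hit.
        hits[port] = hits.get(port, 0) + int(m.group(2) or 0)
    return hits


def diagnose(show_output):
    """Classify how far the NAT-T exchange got, judged by ACL counters only."""
    hits = udp_hits(show_output)
    if 500 not in hits or 4500 not in hits:
        return "missing-ace"   # one of the two ports is not permitted at all
    if hits[500] == 0:
        return "no-ike"        # nothing reached the router on UDP 500
    if hits[4500] == 0:
        return "no-float"      # IKE started, peers never moved to UDP 4500
    return "float-seen"        # both ports hit; look beyond the router ACL


if __name__ == "__main__":
    print(udp_hits(SAMPLE), diagnose(SAMPLE))
```

Clearing the counters before each connection attempt keeps old hits from masking the result.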