02-06-2007 11:26 AM - edited 02-21-2020 02:51 PM
We use an ACL at the router to block wireless users from going anywhere but to a VPN 3030 public interface. With Vista and VPN client 4.8.02, I can't reach the VPN interface (it pings fine, however); once I removed the ACL, I connected fine. Seems I need to allow a new protocol or port through my ACL. Does somebody know if Vista might use different ports to communicate with the VPN concentrator? When I sniffed the port on my laptop, it seems the only difference from Win XP when using the VPN is the UDP source port, but this changes every time, I think. The ISAKMP handshake looks the same. Thanks.
Marcelo
02-06-2007 01:35 PM
What does your ACL look like? For IPsec VPN you need ESP protocol, ISAKMP UDP 500, and maybe NAT-T UDP 4500.
02-07-2007 01:11 PM
We have been using this ACL and the VPN client for 5 years. It's gotta be something that changed with 4.8.02, since this one doesn't work on WinXP either.
I do have ESP, ISAKMP, etc., etc.
Thanks.
02-07-2007 01:20 PM
Forgot to mention, it is a UDP issue. I confirmed this by allowing any UDP port to our concentrator's public interface on the ACL, and then the VPN client works fine. As soon as I go back to "eq isakmp", it stops working.
02-07-2007 01:32 PM
Can you log the denies in the router to see what's being blocked?
02-08-2007 07:05 AM
I will try that. Thanks.
BTW, yesterday I got a message that Cisco released VPN client 5.0.
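
The suggestion above to log the ACL denies can be turned into a short triage step. This is an added example, not code from any poster in the thread: it totals denied packets aimed at the concentrator from IOS `%SEC-6-IPACCESSLOGP` syslog lines and lists the protocol/port pairs the ACL does not yet permit. The log lines, addresses, ACL number and port 40000 are constructed, and the thread never says which port was actually blocked.

```python
import re
from collections import Counter

# Constructed sample in the IOS "%SEC-6-IPACCESSLOGP" syslog format.
# Addresses are documentation ranges; nothing here comes from the thread.
SAMPLE_LOG = """\
Feb  7 13:40:01: %SEC-6-IPACCESSLOGP: list 110 denied udp 10.10.5.21(1042) -> 192.0.2.10(4500), 3 packets
Feb  7 13:40:02: %SEC-6-IPACCESSLOGP: list 110 denied tcp 10.10.5.21(1050) -> 198.51.100.7(80), 1 packet
Feb  7 13:40:09: %SEC-6-IPACCESSLOGP: list 110 denied udp 10.10.5.21(1042) -> 192.0.2.10(4500), 5 packets
Feb  7 13:41:15: %SEC-6-IPACCESSLOGP: list 110 denied udp 10.10.5.33(1077) -> 192.0.2.10(40000), 2 packets
"""

# Only the port-bearing LOGP form (TCP/UDP) is parsed; denies for portless
# protocols such as ESP are logged under a different message and are skipped.
LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?"
)

def denied_to_host(log_text, host):
    """Return Counter {(proto, dst_port): packets} for denies aimed at host."""
    totals = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m["dst"] == host:
            totals[(m["proto"], int(m["dport"]))] += int(m["count"])
    return totals

def missing_permits(totals, permitted):
    """List denied (proto, port) pairs that the ACL does not already allow."""
    return sorted(pair for pair in totals if pair not in permitted)

if __name__ == "__main__":
    concentrator = "192.0.2.10"      # assumed public interface address
    permitted = {("udp", 500)}       # the "eq isakmp" entry from the thread
    totals = denied_to_host(SAMPLE_LOG, concentrator)
    for proto, port in missing_permits(totals, permitted):
        print(f"denied {proto}/{port}: {totals[(proto, port)]} packets")
```

The denies only show up in syslog if the ACL entry doing the dropping carries the `log` keyword.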