IPsec over TCP to VPN3K doesn't work from XP PPPoE client

mmihalyfi · ‎02-24-2003

• I use the latest Cisco VPN client and VPN 3000 concentrator code

• the MTU is decreased to the default install's 1300

• WinXP with it's built in PPPoE client for ADSL

• UDP works, IPsec over TCP doesn't (from other Internet it works too)

what's wrong? any ideas? thanks!

Martin

thomas.chen · ‎02-28-2003

Hi Martin,

( Firstly, I assume that you are using TCP because you are inside

some device which uses PAT, else there is not point using TCP )

In the VPN dialer, try checking in the box that says "Enable Trasparent Tunnelling"

If you need to do transparent tunneling using TCP, then on the concentrator under Configuration >

System > Tunneling protocols > IPsec > IPsec over TCP check the box to enble IPsec over TCP and make

sure that the port number to be used is the same on the client and the concentrator.

mmihalyfi · ‎02-28-2003

Hello Thomas,

Thanks for taking the time to answer.

As I wrote it works well from other type of Internet connection (dial-up), it just doesn't work if it's ADSL with XP's built-in PPPoE connection. Don't know why.

Thanks,

Marton

mmihalyfi · ‎03-02-2003

Hi Thomas,

I found the root of the problem. It has nothing to do with PPPoE. The built-in firewall was enabled and it drops the VPN client's internal UDP communication to loopback on port 62515.

If I disable it the client can connect fine with TCP.

Now the question is how to add such a rule to allow 127.0.0.1:62515...

Thanks,

Martin