Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
471
Views
0
Helpful
3
Replies

VPN 3000 and Windows XP Pro - Can't connect from behind NAT/Firewall

jeff.hillman
Level 1
Level 1

‎06-18-2002 06:18 PM - edited ‎02-21-2020 11:48 AM

I recently changed from Win2k to XP Pro on my laptop. I've been using the VPN client to connect to my companies VPN 3000 through NAT'd firewalls without a problem under Win2k. I installed the latest VPN Client software (3.5.(2)A), made sure ICS and the XP firewall service were stopped and set to manual so they wouldn't start again, but I am unable to make a connection to my concentrator.

I enabled Transparent Tunneling using both UDP and TCP, and got different connection errors each time.

UDP:

In the connection history I get a message: "Remote peer is no longer responding" and in the IPSec Log I see a warning/2 message: "Exceeded 3 IKE SA negotiation retransmits... peer is not responding"

TCP:

In the connection history: "Failed to establish a TCP connection."

In the IPSec Log: "Unexpected TCP control packet received from <ADDR DELETED>, src port 10000, dst port 1613, flags 14h"

I know the firewalls I am connecting through are not blocking anything they weren't when the connections were working under Win2k. Not sure what is up. Any thoughts/suggestions would be appreciated.

Thank you,

Jeff.

Labels:
0 Helpful
3 Replies 3

awaheed
Cisco Employee
Cisco Employee

‎06-19-2002 03:23 PM

You might want to reinstall the VPN client just to make sure the Installation went through fine. The main help would b ethe error message appearing on the CVPN300 box itself, for further help for looking into the Configuration a TAC case should be opened.

Hope this helps,

Aamir Waheed

Cisco Systems, Inc.

-=-=-

0 Helpful

hywel.ifans
Level 1
Level 1
In response to awaheed

‎07-02-2002 06:43 AM

I have the same errors with a 3.x Client behind a Cisco router running NAT to the Internet. It has to be something to do with the NAT on the router because if I connect the laptop to the Internet via dial-up the exact same config works OK. I could get around MY problem if I could get a LAN to PIX VPN to work with a dynamic IP on the router - any thoughts?!

0 Helpful

dpatkins
Level 1
Level 1

‎07-02-2002 08:24 AM

Go to Configuration->User Management->Groups->(Group Name)->Mode Config and make sure that you have "IPSec over UDP" checked. You will be able to assign the port you wish to assign. You will also need to make sure that your firewall is opened to this port as well.

0 Helpful
Customers Also Viewed These Support Documents