02-06-2007 11:26 AM - edited 02-21-2020 02:51 PM
We use an ACL at the router to block wireless users from going anywhere but to a VPN 3030 public interface. With Vista and VPN client 4.8.02, I can't reach the VPN interface (it pings fine, however). Once I removed the ACL, I connected fine. Seems I need to allow a new protocol or port through my ACL. Does somebody know if Vista might use different ports to communicate with the VPN concentrator? When I sniffed the port on my laptop, it seems the only difference from Win XP when using the VPN is the UDP source port, but this changes every time, I think. The ISAKMP handshake looks the same. Thanks.
Marcelo
02-06-2007 01:35 PM
What does your ACL look like? For IPsec VPN you need ESP protocol, ISAKMP UDP 500, and maybe NAT-T UDP 4500.
02-07-2007 01:11 PM
We have been using this ACL and the VPN client for 5 years. It's gotta be something that changed with 4.8.02, since this one doesn't work on WinXP either.
I do have ESP, ISAKMP, etc., etc.
Thanks.
02-07-2007 01:20 PM
Forgot to mention, it is a UDP issue. I confirmed this by allowing any UDP port to our concentrator's public interface on the ACL, and then the VPN client works fine. As soon as I go back to "eq isakmp", it stops working.
02-07-2007 01:32 PM
Can you log the denies in the router to see what's being blocked?
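One way to act on the suggestion above, as an added example that is not part of the original thread: a short Python script that tallies denied packets toward the concentrator from router syslog. It assumes the ACL ends in a `deny ... log` entry so that IOS emits `%SEC-6-IPACCESSLOGP` / `%SEC-6-IPACCESSLOGNP` messages; the ACL number, addresses and log lines are constructed samples, and `denied_to` is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the thread); IPs are placeholders.
SAMPLE_LOG = """\
Feb  7 13:40:01 rtr 101: %SEC-6-IPACCESSLOGP: list 110 denied udp 10.10.20.15(1201) -> 192.0.2.10(4500), 1 packet
Feb  7 13:40:06 rtr 102: %SEC-6-IPACCESSLOGP: list 110 denied udp 10.10.20.15(1201) -> 192.0.2.10(4500), 3 packets
Feb  7 13:40:09 rtr 103: %SEC-6-IPACCESSLOGP: list 110 denied tcp 10.10.20.22(3310) -> 198.51.100.7(80), 1 packet
Feb  7 13:40:12 rtr 104: %SEC-6-IPACCESSLOGNP: list 110 denied 50 10.10.20.31 -> 192.0.2.10, 2 packets
"""

# IPACCESSLOGP carries ports (TCP/UDP); IPACCESSLOGNP is used for
# protocols without ports and shows the IP protocol number (50 = ESP).
DENY_RE = re.compile(
    r"%SEC-6-IPACCESSLOGN?P: list (?P<acl>\S+) denied (?P<proto>\S+) "
    r"(?P<src>[\d.]+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>[\d.]+)(?:\((?P<dport>\d+)\))?, (?P<count>\d+) packets?"
)


def denied_to(log_text, acl, dst_ip):
    """Count denied packets per (protocol, destination port) toward dst_ip."""
    tally = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m or m["acl"] != acl or m["dst"] != dst_ip:
            continue
        # Source ports are ephemeral, so group on the destination port only.
        dport = int(m["dport"]) if m["dport"] else None
        tally[(m["proto"], dport)] += int(m["count"])
    return tally


if __name__ == "__main__":
    hits = denied_to(SAMPLE_LOG, "110", "192.0.2.10")
    for (proto, dport), pkts in hits.most_common():
        print(f"{proto:>4} dport={dport} packets={pkts}")
```
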
02-08-2007 07:05 AM
I will try that. Thanks.
BTW, yesterday I got a message that Cisco released VPN client 5.0.