We are using a PIX 535 firewall, and we're trying to establish a VPN connection from inside our network to another network (not a site-to-site VPN).
This is just a simple connection using the Windows VPN client. In the firewall logs we are getting:
Deny TCP (no connection) (172.16.x.x /2903) to (64.42.x.x/1723) flags PSH ACK on interface inside
Deny TCP src outside:(64.42.x.x/1723) dst inside: (216.110.x.x/54922) by access-group "aclout"
The weird thing is that sometimes it connects and sometimes it doesn't (i.e., if you try to VPN a few times, it will start working).
It seems that when the reply comes back on a high number port sometimes it works and sometimes it doesn't.
The other side is using a Microsoft VPN server. I checked with a tech on the other side, and they don't have any callback features enabled.
We can successfully VPN to other networks just fine.
I'm thinking that sometimes the other side resets the connection, so our firewall sees it as a brand-new connection and denies it.
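As an added example, not part of the original post, the script below parses the two PIX deny formats quoted above (the "Deny TCP (no connection)" drop, which the PIX logs when a TCP segment matches no existing connection entry, and the "by access-group" drop from an access-list) and groups them by the far-side endpoint so you can see which TCP/1723 PPTP control peers are hit by both kinds of deny. The sample log lines are constructed with RFC 5737 test addresses in place of the masked ones in the post, and the rule for deciding which side is "remote" (derived from the interface name in each message) is my assumption.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

PPTP_PORT = 1723  # PPTP control channel (TCP); the tunnel data rides on GRE, IP protocol 47

# Constructed sample lines in the shape of the post's two messages (test-range addresses).
LOGS = [
    "Deny TCP (no connection) (172.16.0.10 /2903) to (192.0.2.1/1723) flags PSH ACK on interface inside",
    'Deny TCP src outside:(192.0.2.1/1723) dst inside: (203.0.113.5/54922) by access-group "aclout"',
    "Deny TCP (no connection) (172.16.0.10 /2910) to (192.0.2.1/1723) flags PSH ACK on interface inside",
    'Deny TCP src outside:(192.0.2.1/1723) dst inside: (203.0.113.5/54940) by access-group "aclout"',
    "Deny TCP (no connection) (172.16.0.10 /3011) to (192.0.2.9/443) flags FIN ACK on interface inside",
    "not a deny line at all",
]

# "no connection" drop; tolerates the post's parentheses/spacing and the stock "from A/p to B/q" wording.
NO_CONN_RE = re.compile(
    r"Deny TCP \(no connection\) (?:from )?\(?(?P<src>[\d.]+)\s*/(?P<sport>\d+)\)? "
    r"to \(?(?P<dst>[\d.]+)\s*/(?P<dport>\d+)\)? flags (?P<flags>[A-Z ]+?) "
    r"on interface (?P<iface>\w+)"
)
# Access-list drop, with the interface each endpoint was seen on.
ACL_RE = re.compile(
    r"Deny TCP src (?P<siface>\w+):\s*\(?(?P<src>[\d.]+)\s*/(?P<sport>\d+)\)? "
    r"dst (?P<diface>\w+):\s*\(?(?P<dst>[\d.]+)\s*/(?P<dport>\d+)\)? "
    r'by access-group "(?P<acl>[^"]+)"'
)


@dataclass
class Deny:
    kind: str     # "no_connection" or "acl"
    src: str
    sport: int
    dst: str
    dport: int
    remote: str   # far-side endpoint as "ip/port" (assumption: the side not on "inside")
    detail: str   # TCP flags for no_connection, ACL name for acl


def parse_deny(line: str) -> Optional[Deny]:
    """Parse one PIX deny message into a Deny record, or return None if it is neither format."""
    m = NO_CONN_RE.search(line)
    if m:
        src, sport, dst, dport = m["src"], int(m["sport"]), m["dst"], int(m["dport"])
        # The segment arrived on `iface`; the other endpoint is the far side.
        remote = f"{dst}/{dport}" if m["iface"] == "inside" else f"{src}/{sport}"
        return Deny("no_connection", src, sport, dst, dport, remote, m["flags"].strip())
    m = ACL_RE.search(line)
    if m:
        src, sport, dst, dport = m["src"], int(m["sport"]), m["dst"], int(m["dport"])
        remote = f"{src}/{sport}" if m["siface"] == "outside" else f"{dst}/{dport}"
        return Deny("acl", src, sport, dst, dport, remote, m["acl"])
    return None


def summarize(lines: List[str]) -> Dict[str, dict]:
    """Group deny records by far-side endpoint and count each kind of deny."""
    summary = defaultdict(lambda: {"no_connection": 0, "acl": 0, "acls": set(), "flags": set()})
    for line in lines:
        d = parse_deny(line)
        if d is None:
            continue
        entry = summary[d.remote]
        entry[d.kind] += 1
        if d.kind == "acl":
            entry["acls"].add(d.detail)
        else:
            entry["flags"].add(d.detail)
    return dict(summary)


def pptp_peers_with_both_denies(summary: Dict[str, dict]) -> List[str]:
    """PPTP control endpoints (TCP/1723) whose traffic was dropped both for lacking a
    connection entry (segments from inside) and by the outside access-list (replies)."""
    return sorted(
        peer for peer, e in summary.items()
        if peer.endswith(f"/{PPTP_PORT}") and e["no_connection"] > 0 and e["acl"] > 0
    )


if __name__ == "__main__":
    s = summarize(LOGS)
    for peer, e in sorted(s.items()):
        print(f"{peer}: no_connection={e['no_connection']} acl={e['acl']} "
              f"acls={sorted(e['acls'])} flags={sorted(e['flags'])}")
    print("PPTP peers with both kinds of deny:", pptp_peers_with_both_denies(s))
```

Only the TCP control channel shows up in these messages; the GRE tunnel traffic that PPTP also needs is a different protocol and would be logged separately, so a clean TCP/1723 picture does not by itself mean the tunnel will pass.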