Error 412 for Cisco VPN Client

Unanswered Question
Jun 15th, 2009

I am trying to connect to a VPN concentrator that is behind a 2600 router using NAT-T. I have 2 ports open for the NAT-T setup: port UDP 500 and port UDP 4500. My access lists are set up to allow traffic NAT from a public IP to a 10.100.1.2 IP of the public interface for the VPN Concentrator. When I attempt to connect and then do a sh access-list, I have matches on UDP port 500, but the 4500 port is not showing any match attempts from the outside. It is like my software or computer is not even trying to connect using that port. Any ideas?

slmansfield Wed, 06/17/2009 - 11:33

It looks like you have a few questions posted about getting NAT-T to work to a VPN concentrator. Here's a good URL for troubleshooting VPN problems.


http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml


Make sure you've not only configured NAT-T on the concentrator but also that NAT-T is allowed through the public filter (on the public facing interface) on the concentrator.


To configure NAT-T, go to the Configuration | Tunneling and Security | IPSec | NAT Transparency menu and click the box that says "IPSec over NAT-T".


To add rules for NAT-T inbound and outbound to the concentrator, go to Configuration | Policy Management | Traffic Management | Filters. Highlight the Public filter (or whichever is your public-facing interface filter), then click on "Assign Rules to Filter". Select NAT-T in and NAT-T out.


The VPN client should be configured to "Enable Transparent Tunneling" with IPSEC over UDP.


HTH
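Added example, not part of the original thread and not Cisco code: under standard NAT-T (RFC 3947) a client moves from UDP 500 to UDP 4500 only after both peers have advertised a NAT-T Vendor ID and the NAT-D payloads show a NAT in the path, so hits on 500 with none on 4500 can be checked against a capture of the port 500 exchange. The sketch walks the cleartext payloads of such a message; the packets are constructed samples, the function names are hypothetical, and it assumes the client and concentrator follow the RFC or its drafts.

```python
import hashlib
import struct

# MD5 of these strings is the Vendor ID that advertises NAT-T (RFC 3947 and drafts).
NAT_T_VIDS = {hashlib.md5(s).digest(): s.decode().strip() for s in (
    b"RFC 3947", b"draft-ietf-ipsec-nat-t-ike-03",
    b"draft-ietf-ipsec-nat-t-ike-02", b"draft-ietf-ipsec-nat-t-ike-02\n")}
VENDOR_ID = 13            # ISAKMP Vendor ID payload type
NAT_D_TYPES = {20, 130}   # NAT-D: RFC 3947 value and the pre-RFC draft value

def inspect_ike(msg):
    """Walk the cleartext payload chain of one IKEv1 message from UDP 500."""
    if len(msg) < 28:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    ptype, _ver, _xchg, flags, _mid, length = struct.unpack("!BBBBII", msg[16:28])
    found = {"encrypted": bool(flags & 1), "nat_t_vids": [], "nat_d": 0}
    if found["encrypted"]:
        return found      # payloads are not readable once encryption starts
    offset, end = 28, min(length, len(msg))
    while ptype and offset + 4 <= end:
        nxt, _rsv, plen = struct.unpack("!BBH", msg[offset:offset + 4])
        if plen < 4 or offset + plen > end:
            raise ValueError("payload length runs past the message")
        body = msg[offset + 4:offset + plen]
        if ptype == VENDOR_ID and body in NAT_T_VIDS:
            found["nat_t_vids"].append(NAT_T_VIDS[body])
        elif ptype in NAT_D_TYPES:
            found["nat_d"] += 1
        ptype, offset = nxt, offset + plen
    return found

def both_advertise_nat_t(client_msg, gateway_msg):
    """True when each side's first message carries a NAT-T Vendor ID."""
    return all(inspect_ike(m)["nat_t_vids"] for m in (client_msg, gateway_msg))

def build_msg(payloads):
    """Constructed sample: ISAKMP header plus (type, body) payloads."""
    types = [t for t, _ in payloads] + [0]
    chain = b"".join(struct.pack("!BBH", types[i + 1], 0, len(b) + 4) + b
                     for i, (_, b) in enumerate(payloads))
    header = struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x22" * 8,
                         types[0], 0x10, 4, 0, 0, 28 + len(chain))
    return header + chain

RFC3947 = hashlib.md5(b"RFC 3947").digest()
CLIENT = build_msg([(1, b"\0" * 8), (VENDOR_ID, RFC3947)])             # constructed
GATEWAY_OFF = build_msg([(1, b"\0" * 8), (VENDOR_ID, b"\xaa" * 16)])   # constructed
GATEWAY_ON = build_msg([(1, b"\0" * 8), (VENDOR_ID, RFC3947),
                        (20, b"\x01" * 16), (20, b"\x02" * 16)])      # constructed
```

A gateway reply with no NAT-T Vendor ID (as in `GATEWAY_OFF`) means the client has no reason to send anything to UDP 4500, which is consistent with ACL counters that only increment on port 500.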
