VPN client 4.01 to 3005 concentrator via a borderware firewall using TCP

Jul 31st, 2003

I have a remote user trying to access my VPN 3005 servers. The client is configured for TCP port access.

He has opened the TCP port up on his fw but gets this in his VPN client log:

Unexpected TCP control packet received from x.x.x., src port 15845, dst port 1315, flags 10h

A snoop on my firewall shows:

client to vpn - syn packet

vpn to client - syn ack packet

client to vpn - data packet - 6 times

vpn to client - rst packet

Looks like the BorderWare firewall (doing NAT) proxy server can't support the IPSEC protocol.

Anyone have any ideas?

(P.S. Other VPN users are working OK.)

tkpsimon Fri, 08/29/2003 - 11:04

Hi, I'm experiencing a similar situation with the VPN client and the BorderWare. Since the BorderWare is my third vendor's firewall, I have no control over it.

Have you found a solution to this? If so, I would really appreciate it if you could give me a hint. Thanks in advance.

kerry.whittaker... Sun, 08/31/2003 - 13:38

The site I was having the problem at changed to using the UDP/(NAT/PAT) after they enabled the IPSEC proxy thing on their firewall. This only gives them one user at a time, but it works. This uses UDP port 4500, which must also be enabled in the firewall and on the VPN server.
