Cisco VPN Client 4.03 with XP SP2 Firewall enabled

Sep 27th, 2005

When I try to connect to my VPN connection from a PC running Windows XP SP2 with the firewall enabled, I get this message: "Secure VPN Connection terminated locally by the Client. Reason 414: Failed to establish a TCP connection."

When I disable my firewall, it works well.

I use IPsec/TCP.

How do I have to configure my Windows Firewall?

If you can help me ...

Overall Rating: 2.8 (4 ratings)
jackko Tue, 09/27/2005 - 03:46

"failed to establish a tcp connection"


you mentioned ipsec over tcp has been permitted on the sp2 firewall. by default it should be tcp 10000. maybe verify with the administrator whether the default port has been modified.

framil Tue, 09/27/2005 - 04:03

Yes, the tcp port is 10000.

But when I try to connect to the VPN, I get this message:

12:31:32.896 09/27/05 Sev=Warning/2 IPSEC/0x6370001E
Unexpected TCP control packet received from 192.31.22.5, src port 10000, dst port 3584, flags 10h

The dst port is random, and it's difficult to configure the dst port on Windows Firewall ....

When I say Windows Firewall, I mean the firewall installed on my PC ... not the firewall used for tunnelling ...
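
An added example (not part of the thread and not Cisco tooling): a small parser for the warning quoted in the post above that decodes the `flags` field. `10h` is a bare ACK, so the logged packet is traffic from the server's port 10000 back to the client's ephemeral port rather than a new inbound connection request. The function names and the second sample line are constructed for illustration.

```python
import re

# TCP flag bits, lowest bit first, as laid out in the TCP header flags byte.
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
             (0x10, "ACK"), (0x20, "URG"), (0x40, "ECE"), (0x80, "CWR")]

# Matches the warning text quoted in the post above.
LINE_RE = re.compile(
    r"Unexpected TCP control packet received from (?P<peer>\d+(?:\.\d+){3}), "
    r"src port (?P<sport>\d+), dst port (?P<dport>\d+), "
    r"flags (?P<flags>[0-9A-Fa-f]+)h")


def decode_flags(value):
    """Return the names of the flag bits set in a TCP flags byte."""
    return [name for bit, name in TCP_FLAGS if value & bit]


def parse_warning(line, tunnel_port=10000):
    """Parse one warning line; tunnel_port is the IPsec-over-TCP port."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    flags = decode_flags(int(m.group("flags"), 16))
    sport = int(m.group("sport"))
    return {
        "peer": m.group("peer"),
        "src_port": sport,
        "dst_port": int(m.group("dport")),
        "flags": flags,
        # Reply traffic: sent from the tunnel port, ACK set, no SYN.
        "is_reply": sport == tunnel_port and "ACK" in flags
                    and "SYN" not in flags,
    }


# First line is the message from the thread; the second is constructed.
SAMPLE = [
    "Unexpected TCP control packet received from 192.31.22.5, "
    "src port 10000, dst port 3584, flags 10h",
    "Unexpected TCP control packet received from 192.31.22.5, "
    "src port 10000, dst port 3585, flags 14h",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(parse_warning(entry))
```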

waynehenderson Fri, 09/30/2005 - 19:22

Any luck yet? I get this error also, when attempting to connect to our server using client 4.7.00(0510) on my Mac. Same problem with 4.6.02. My Dell laptop (version 4.6.03, same profile setup) works successfully.


It seems to get past user authentication OK, but then instead of successfully "securing the communications channel" it goes back to "Initiating TCP to..." and then

"Secure VPN Connection terminated locally by the Client.

Reason 414: Failed to establish a TCP connection."

jackko Sat, 10/01/2005 - 00:17

maybe try to permit the program instead of permitting the specific protocol/port tcp 10000. under Windows Security Center > Windows Firewall > Exceptions > Add Program.


another way is to identify what sort of traffic is being sent and received by the cisco vpn client. use this freeware "TcpView". it shows the current inbound/outbound traffic from the pc point of view with protocol and port. then you can configure the Windows Firewall accurately.

jackko Mon, 10/10/2005 - 17:50

just wondering how you go.

waynehenderson Mon, 10/17/2005 - 19:51

Look for my other posts about Centralized Protection Policy CPP. I'm pretty sure that's my problem; the Mac client can't respond properly and thus cannot connect to the server looking for Windows-only responses.

framil Mon, 10/17/2005 - 23:48

Thanks for your help.

The solution is to disable the firewall for the Cisco connection.... ;)

It's not really a solution but it works now.

The Windows Firewall isn't a firewall validated by Cisco ...

thanks

jackko Tue, 10/18/2005 - 00:08

it's good to learn that your issue has been resolved.


according to cisco,


Why should I rate posts?


If you see a post that you think deserves recognition, please take a moment to rate it.


You'll be helping yourself and others to quickly identify useful content -- as determined by members. And you'll be ensuring that people who generously share their expertise are properly acknowledged. As posts are rated, the value of those ratings are accumulated as "points" and summarized on the Member Profile page and on each member's Preferences page.

framil Tue, 10/18/2005 - 00:28

Sorry.

It's my first time here. I don't know the habits.

thanks for your help again
