Problem: Connection to my company server fails and I get the message:
"Secure VPN Connection terminated locally by the Client.
Reason 414: Failed to establish a TCP connection."
I'm using client 4.7.00(0510) on my Mac. I had the same problem with 4.6.02 and hoped the upgrade might help - no luck. I imported the profile settings from my Dell laptop (version 4.6.03) which connects successfully. I should add that I was connecting successfully from the Mac until today when changes were made to our corporate server. The corporate IP guys of course won't even talk to a Mac user.
Connection from the Mac seems to get past user authentication OK, but then instead of successfully "securing the communications channel" it goes back to "Initiating TCP to..." and then to the error message above. I've turned off my firewall, so far with no difference.
Can someone tell me what steps the connection goes through, and where this might be getting hung up?
On your VPN client - click the modify tab for your connection entry - this will bring up the properties screen for your connection entry - click onto the Transport tab and tick the 'Enable Transparent tunneling' box (IPSec over UDP (NAT/PAT)).
But if your corporate guys have configured your HQ PIX to accept connections on a TCP port number, then you'll need to make sure that your VPN client is set up with the appropriate TCP port number; again, this can be found under the Transport tab on your VPN client.
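Since the thread turns on whether the two clients really carry identical transport settings, here is an added example (not part of the original post, and not Cisco's code) that diffs two exported Cisco VPN Client .pcf profiles key by key, reports which transport each one will use, and runs the same plain TCP handshake the client attempts before error 414. The key names EnableNat, TunnelingMode, TcpTunnelingPort and Host are assumed from the legacy .pcf format, and both sample profiles are constructed for the demonstration (the Mac copy has TunnelingMode flipped, which the GUI shows only as the UDP/TCP radio button).

```python
"""Diff two Cisco VPN Client .pcf profiles and probe the IPsec-over-TCP port.

Added example, not code from the original thread. The .pcf key names below
(EnableNat, TunnelingMode, TcpTunnelingPort, Host) are assumed from the
legacy Cisco VPN Client profile format; both profiles are constructed.
"""
import configparser
import socket

# Constructed sample: profile exported from the laptop that connects.
DELL_PCF = """[main]
Description=corp
Host=vpn.example.com
AuthType=1
GroupName=corpgroup
EnableNat=1
TunnelingMode=1
TcpTunnelingPort=10000
PeerTimeout=90
"""

# Constructed sample: the imported copy on the Mac, with TunnelingMode
# flipped from TCP (1) to UDP (0). Every other key is identical.
MAC_PCF = """[main]
Description=corp
Host=vpn.example.com
AuthType=1
GroupName=corpgroup
EnableNat=1
TunnelingMode=0
TcpTunnelingPort=10000
PeerTimeout=90
"""


def parse_pcf(text):
    """Parse the [main] section of a .pcf file into a dict, preserving key case."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # .pcf keys are case-sensitive as written
    cp.read_string(text)
    return dict(cp["main"])


def diff_profiles(a, b):
    """Return {key: (value_in_a, value_in_b)} for every key whose value differs."""
    keys = set(a) | set(b)
    return {k: (a.get(k), b.get(k)) for k in sorted(keys) if a.get(k) != b.get(k)}


def transport(profile):
    """Describe how the client will carry IPsec, from the profile's flags.

    Returns ("native", None) when transparent tunnelling is off,
    ("tcp", port) for IPSec over TCP, and ("udp", None) for IPSec over UDP.
    """
    if profile.get("EnableNat", "0") != "1":
        return ("native", None)
    if profile.get("TunnelingMode", "0") == "1":
        return ("tcp", int(profile.get("TcpTunnelingPort", "10000")))
    return ("udp", None)


def tcp_probe(host, port, timeout=3.0):
    """Attempt the bare TCP handshake the client makes for IPSec over TCP.

    Error 414 fires when exactly this step fails, so a False here means the
    problem is reachability (firewall, NAT, wrong port), not IKE or the fob.
    Never raises on network errors; just reports True or False.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    dell, mac = parse_pcf(DELL_PCF), parse_pcf(MAC_PCF)
    for key, (a, b) in diff_profiles(dell, mac).items():
        print(f"{key}: laptop={a!r} mac={b!r}")
    mode, port = transport(dell)
    print("laptop transport:", mode, port)
    if mode == "tcp":
        print(f"TCP {port} to {dell['Host']} reachable:", tcp_probe(dell["Host"], port))
```

Run it with the two real exported profiles in place of the constructed strings; if the diff is empty and the probe still fails from the Mac, the difference is outside the profile (a host firewall, a proxy, or a per-platform client limitation) rather than in the Transport settings.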
Well, as I said, my settings are all as imported from my Dell laptop (which connects successfully) into my Mac (which doesn't). So every setting I can check on either VPN client is identical. And in my case, we're using IPSec over TCP.
Here are more details: We authenticate by the RSA SecurID fob. This does not seem (to me, no expert) to be the problem, but maybe important?
I've set logging to "Hi" on all categories and get the following output (complete details in the attachment) where I think the connect is failing:
First, I connect successfully to the corporate server:
1- No, I'm not sure what I'm connecting to. At one time it was a Cisco 3000 VPN, but that was before the problem started.
2 - On the Mac, nothing (it's usually on but I've turned it off while trying to solve this) and on the Dell I believe the VPN client is running the "Stateful Firewall (Always On) as dictated by the server.
I think you've hit the nail on the head regarding my problem. The Mac client has no way to respond to the AYT or CPP push policies, so it can't connect. Seems like a pretty big flaw, which should be more prominently communicated so people like me don't waste so much time trying to make it work.
I'd like confirmation that there's no solution to this problem, or better yet a solution.
We have configured the outside and inside interface with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...