Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPsec client and Vista "ports"

We use an ACL at the router to block wireless users from going anywhere but to a VPN 3030 public interface. With Vista and VPn client 4.8.02, I can't reach the VPN interface (pings fine however), once I removed the ACL, then I connected fine. Seems I need to allow a new protocol or port thru my ACL. Does somebody know if VISTA might use different ports to communicate with the VPN concentrator. When I sniffed the port on my laptop, seems the only difference with Win XP when using the VPN is the UDP source port, but this changes every time I think. The ISAKMP handshake looks the same. Thanks.

Marcelo

5 REPLIES
Green

Re: IPsec client and Vista "ports"

What does your acl look like? For ipsec vpn you need esp protocol, isakmp udp 500, and maybe nat-t udp 4500.

New Member

Re: IPsec client and Vista "ports"

We have been using this ACL and the VPn client for 5 years. It gotta be something that changed with 4.8.02, since this one doesn't work on WinXP either..

I do have esp, isakmp, etc, etc..

Thanks.

New Member

Re: IPsec client and Vista "ports"

Forgot to mention, it is a UDP issue, I confirmed this by allowing any UDP port to our concentrator's public interface on the acl, and the the vpn client works fine. As soon as I go back to "eq isakmp", stops working.

Green

Re: IPsec client and Vista "ports"

Can you log the denies in the router to see what's being blocked?

New Member

Re: IPsec client and Vista "ports"

I will try that. Thanks.

BTW, yesterday I got a message that Cisco released VPN client 5.0

235
Views
0
Helpful
5
Replies
CreatePlease login to create content