Protocol/Port Blocking and Broadband

Hello

We have a user that has recently moved and now has Optimum Online as his broadband provider. The problem that he is now experiencing is that when connecting with the VPN client using the setting "Allow IPSEC over UDP", the client and the concentrator show him as authenticated, but with no bytes either transmitted or received. When he uses the setting "Allow IPSEC over TCP", he cannot establish a connection at all.

According to Optimum Online's technical support, they only block ports 80, 137-139, 1080, 2128 and 8080. They believe that we should be able to establish a VPN connection and have it work, but are unwilling to help (i.e., they only guarantee connection to the Internet, nothing else...).

Is there any way to determine exactly what is causing the lack of connection?

The user has a Windows 2000 laptop with VPN client version 3.6.3B, connecting to a VPN3030 Concentrator running version 3.6.7A. If I take the laptop to my house, using Verizon DSL, he can connect with no problem. It appears to be an issue with Optimum Online, but I'd like to definitively know.

Thanks for any help!

Justin

2 REPLIES
Bronze

Re: Protocol/Port Blocking and Broadband

Hi,

Make sure that in your network, UDP port xxxx (default 10,000 - in case of IPSec/UDP) is not being blocked anywhere. For IPSec/TCP don't use 80; use something non-standard (like 10002, 10010, etc.).

The best course of action would be to prove to the ISP that they are blocking if that doesn't work, and the best way to do it is to put a sniffer both at your PC (with the client) and also at your headend side, and then see if that works.

Thanks - Afaq
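
The two-sided sniffer comparison suggested in the reply above, as an added example that is not part of the original thread: it counts packets per direction and headend port in each capture and reports flows the sender captured but the receiver never saw. The addresses, the `tcpdump -nn` style sample lines and the function names are constructed assumptions; only UDP 10000 comes from the thread.

```python
import re
from collections import Counter

HEADEND = "203.0.113.5"  # assumed concentrator address (documentation range)
LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (.*)")

# Constructed captures in `tcpdump -nn` text style. The client sits behind NAT,
# so the headend sees 198.51.100.7 instead of 192.168.1.20.
CLIENT_CAP = """\
10:15:01.000100 IP 192.168.1.20.500 > 203.0.113.5.500: isakmp: phase 1 I ident
10:15:01.080200 IP 203.0.113.5.500 > 192.168.1.20.500: isakmp: phase 1 R ident
10:15:03.100000 IP 192.168.1.20.10000 > 203.0.113.5.10000: UDP, length 116
10:15:04.100000 IP 192.168.1.20.10000 > 203.0.113.5.10000: UDP, length 116
10:15:05.100000 IP 192.168.1.20.10000 > 203.0.113.5.10000: UDP, length 116
"""
HEADEND_CAP = """\
10:15:01.040100 IP 198.51.100.7.500 > 203.0.113.5.500: isakmp: phase 1 I ident
10:15:01.040900 IP 203.0.113.5.500 > 198.51.100.7.500: isakmp: phase 1 R ident
"""

def flows(capture_text):
    """Count packets per (direction, proto, headend port), ignoring the
    client address and port because NAT rewrites them in transit."""
    counts = Counter()
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, rest = m.groups()
        proto = "tcp" if rest.startswith("Flags") else "udp"  # tcpdump prints TCP flags first
        if dst == HEADEND:
            counts[("to_headend", proto, int(dport))] += 1
        elif src == HEADEND:
            counts[("from_headend", proto, int(sport))] += 1
    return counts

def lost_in_transit(client_cap, headend_cap):
    """Return [(flow, packets_sent)] for flows the sending side captured
    but the receiving side never saw."""
    c, h = flows(client_cap), flows(headend_cap)
    lost = []
    for key in sorted(set(c) | set(h)):
        sent, recv = (c[key], h[key]) if key[0] == "to_headend" else (h[key], c[key])
        if sent and not recv:
            lost.append((key, sent))
    return lost

if __name__ == "__main__":
    for (direction, proto, port), n in lost_in_transit(CLIENT_CAP, HEADEND_CAP):
        print(f"{n} {proto}/{port} packets {direction} never arrived")
```

In the constructed data the IKE exchange on UDP 500 completes in both captures while the UDP 10000 packets leave the client and never reach the headend, which matches an "authenticated but zero bytes" session.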

New Member

Re: Protocol/Port Blocking and Broadband

We are also experiencing connection issues and have found it to be related to using the USB port from the workstation to the DSL/Cable modem instead of the Ethernet port. Can you please verify this with your user and post back here? I would like to gather more information on this prior to opening a TAC case.

We require TCP connections to our concentrator only and it ALWAYS fails if using the USB adapter. If we allow them to use UDP (which is a bad idea all the way around) then they can connect.

As soon as we move their connection to a proper ethernet interface we can connect via TCP and UDP without issues.

Please let me know what you find; I would be very interested to hear it. My supervisor thinks I am smoking something funny and there is no way this would be a problem because "certainly someone else would have seen it by now".

Thanks!
