remote CVPN behind firewall that need to connect to VPN 3000 concentrators
I have a situation where a user at our partner company needs to access our network via a VPN connection.
The user has a Windows 2000 laptop with Cisco VPN client 3.5.1 installed on the machine. The laptop is sitting behind a WatchGuard firewall at a remote site, and there is not a lot of documentation to help troubleshoot it.
At our end we have VPN 3000 concentrators that work with all the users via internet and dialup connections.
The challenge here is that the laptop will work outside of any network but not behind this particular type of firewall. The VPN traffic seemed to get past the first phase, which only sends about 1476 bytes of information, and nothing is going back out to this remote site behind the WatchGuard firewall.
Q1. Is there a certain port that the remote firewall needs to open? I read that UDP port 500 needs to be open to allow the IPsec traffic to go through.
Q2. Is there any other setting in the Cisco VPN client that needs to be modified to overcome this type of issue?
Thanks in advance for all the responses. Your answers and pointers would make my life easier.
Re: remote CVPN behind firewall that need to connect to VPN 3000
The firewall is probably doing PAT which is killing your IPSec packets.
The VPN client has an option on it called Transparent Tunnelling, which encapsulates your IPSec packets into either TCP or UDP packets which can then be PAT'd properly by the firewall. On the client this is usually enabled by default, but check your connection properties to make sure it's on. Use IPsec over UDP.
On the concentrator, modify the group that this client is connecting into, and under the Mode Config tab check the IPSec over UDP box. This will enable that feature for all users in this group.
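
Added example, not part of the original thread: a small Python check that labels packets from a client-side capture as IKE, raw ESP, or IPsec over UDP and reports which of the cases discussed above applies. The packets are constructed samples, and the port 10000 used for IPsec over UDP is an assumption; substitute whatever port is configured on the concentrator group.

```python
import socket
import struct

IKE_PORT = 500          # UDP port for IKE, as mentioned in the question
IPSEC_UDP_PORT = 10000  # ASSUMPTION: port set for IPsec over UDP on the concentrator group
ESP_PROTO, UDP_PROTO = 50, 17

def ipv4(proto, payload, src="192.168.1.10", dst="203.0.113.5"):
    """Build a minimal IPv4 packet for the constructed samples (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def udp(sport, dport, data=b""):
    """Build a UDP header plus data (checksum left 0)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def classify(packet):
    """Label a raw IPv4 packet by how the VPN client is carrying its traffic."""
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto, l4 = packet[9], packet[ihl:]
    if proto == ESP_PROTO:
        return "esp"                      # SPI only, no ports for PAT to rewrite
    if proto == UDP_PROTO and len(l4) >= 8:
        sport, dport = struct.unpack("!HH", l4[:4])
        if IKE_PORT in (sport, dport):
            return "ike"
        if IPSEC_UDP_PORT in (sport, dport):
            return "ipsec-over-udp"
    return "other"

def diagnose(packets):
    """Summarise a client-side capture taken behind the PAT firewall."""
    seen = {classify(p) for p in packets}
    if "ike" not in seen:
        return "no IKE seen: check that UDP/500 is allowed outbound"
    if "ipsec-over-udp" in seen:
        return "tunnel data is UDP-encapsulated: PAT can translate it"
    if "esp" in seen:
        return "IKE works but data is raw ESP: enable IPsec over UDP"
    return "IKE only: no tunnel data captured yet"

# Constructed captures (not real traffic): transparent tunnelling off, then on.
RAW_ESP = [ipv4(UDP_PROTO, udp(500, 500)), ipv4(ESP_PROTO, b"\x00" * 16)]
ENCAPSULATED = [ipv4(UDP_PROTO, udp(500, 500)),
                ipv4(UDP_PROTO, udp(49152, IPSEC_UDP_PORT, b"\x00" * 16))]

if __name__ == "__main__":
    print(diagnose(RAW_ESP))
    print(diagnose(ENCAPSULATED))
```
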