Cisco Support Community
Community Member

VPN client 4.01 to 3005 concentrator via a borderware firewall using TCP

I have a remote user trying to access my VPN 3005 servers. The client is configured for TCP port access.

He has opened the TCP port up on his fw but gets this in his VPN client log:

Unexpected TCP control packet received from x.x.x., src port 15845, dst port 1315, flags 10h

A snoop on my firewall shows:

client to vpn - syn packet

vpn to client - syn ack packet

client to vpn - data packet - 6 times

vpn to client - rst packet

Looks like the BorderWare firewall (doing NAT) proxy server can't support the IPSEC protocol.

Anyone have any ideas?

(p.s. other VPN users are working ok)

2 REPLIES
Community Member

Re: VPN client 4.01 to 3005 concentrator via a borderware firewa

Hi, I'm experiencing a similar situation with the VPN client and the BorderWare. Since the BorderWare is my third vendor's firewall, I have no control over it.

Have you found a solution to this? If so, I would really appreciate it if you could give me a hint. Thanks in advance.

Community Member

Re: VPN client 4.01 to 3005 concentrator via a borderware firewa

The site I was having the problem at changed to using the UDP/(NAT/PAT) after they enabled the IPSEC proxy thing on their firewall. This only gives them one user at a time, but it works. This uses UDP port 4500, which must also be enabled in the firewall and on the VPN server.
