Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member


We use a Pix 515e for VPN purposes. One remote user that uses AOL 9 is experiencing the following problem according to my boss.

- If he logs into AOL first, then VPN, all is well.

- If he logs into VPN first, then AOL, the routing table doesn't allow access to AOL

- We are blocking port 5190, which is apparently what is used to access AOL through VPN.

Another tech has looked at the issue and just seen intermittent problems with AOL, but this was before the items listed above were found.

Anyone have any insight on the best way to resolve this? Not using AOL is not an option. :)

Community Member

Re: AOL vs. VPN

The reason why if he logs into AOL first and then into VPN is because that traffic has already been established and will not subsequently go through the VPN connection. If however he killed it and restarted AOL after starting the VPN connection, the AOL based traffic will go through the VPN and be affected by your ACL that blocks 5190.

One reason why your tech may have seen intermitten issues has to do with when the user started AOL. Users who had started AOL before VPN I am sure were fine, users who did it afterwards had the issue.

Unfortunately Split-tunneling only allows for having port 80 traffic not utilize the VPN and save you bandwidth of incoming traffic.

The only solution I can think of, is to inform users that since AOL is not allowed internally, when you connect at home, all traffic from the moment you connect will act like you are in the office and will have the same policies enforced. If you so require AOL, be sure to launch and connect to it before you connect to the VPN to guarantee the connection.



Community Member

Re: AOL vs. VPN

Thanks for the response, but here's my issue with blocking port 5190.

This user just got a new laptop. The previous laptop had no problem with AOL. Another tech here can use AOL just fine while connected to the VPN.

Secondly our routers have a 'permit established' on the first line of their ACL. The Pix doesn't block any traffic from remote users. I don't know where/how we would even be blocking port 5190.

CreatePlease to create content