Error 412 for Cisco VPN Client

I am trying to connect to a VPN concentrator that is behind a 2600 router using NAT-T. I have 2 ports open for the NAT-T setup: port UDP 500 and port UDP 4500. My access lists are set up to allow traffic NAT from a public IP to a 10.100.1.2 IP of the public interface for the VPN concentrator. When I attempt to connect and then do a sh access-list, I have matches on UDP port 500, but the 4500 port is not showing any match attempts from the outside. It is like my software or computer is not even trying to connect using that port. Any ideas?

1 REPLY
Re: Error 412 for Cisco VPN Client

It looks like you have a few questions posted about getting NAT-T to work to a VPN concentrator. Here's a good URL for troubleshooting VPN problems.

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml

Make sure you've not only configured NAT-T on the concentrator but also that NAT-T is allowed through the public filter (on the public facing interface) on the concentrator.

To configure NAT-T, go to the Configuration | Tunneling and Security | IPSec | NAT Transparency menu and click the box that says "IPSec over NAT-T".

To add rules for NAT-T inbound and outbound to the concentrator, go to Configuration | Policy Management | Traffic Management | Filters. Highlight the Public filter (or whichever is your public-facing interface filter), then click on "Assign Rules to Filter". Select NAT-T in and NAT-T out.

The VPN client should be configured to "Enable Transparent Tunneling" with IPSEC over UDP.

HTH
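
Added example, not part of the original thread: a small Python check that reads `show access-lists` output from the router and classifies the symptom described in the question (hits on UDP 500, none on UDP 4500). The ACL number, the address 192.0.2.10, the hit counts and the function names are constructed for illustration.

```python
import re

# IOS prints these two ports by name in "show access-lists" output.
PORT_NAMES = {"isakmp": 500, "non500-isakmp": 4500}

# Optional sequence number, destination "eq <port>", optional hit counter.
# IOS omits the "(N matches)" suffix when an entry has never matched.
ENTRY = re.compile(
    r"^\s*(?:\d+\s+)?permit\s+udp\s+.*?\beq\s+(?P<port>\S+)"
    r"(?:\s+\((?P<hits>\d+)\s+match(?:es)?\))?\s*$"
)

# Constructed sample output (ACL number, address and counts are made up).
SAMPLE = """\
Extended IP access list 101
    10 permit udp any host 192.0.2.10 eq isakmp (14 matches)
    20 permit udp any host 192.0.2.10 eq non500-isakmp
    30 permit esp any host 192.0.2.10
"""

def udp_hits(show_acl_output):
    """Return {port: total matches} for 'permit udp ... eq <port>' entries."""
    hits = {}
    for line in show_acl_output.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        name = m.group("port")
        port = PORT_NAMES.get(name) or (int(name) if name.isdigit() else None)
        if port is not None:
            hits[port] = hits.get(port, 0) + int(m.group("hits") or 0)
    return hits

def diagnose(hits):
    """Classify the NAT-T state from the UDP 500 / UDP 4500 hit counters."""
    ike, natt = hits.get(500), hits.get(4500)
    if ike is None or natt is None:
        return "acl-incomplete"       # no permit entry for one of the ports
    if ike == 0:
        return "no-ike"               # client traffic never reaches this ACL
    if natt == 0:
        # IKE starts on UDP 500 and floats to UDP 4500 only after both peers
        # advertise NAT-T and detect a NAT (RFC 3947), so the float never
        # happened: check the concentrator and client settings listed above.
        return "natt-not-negotiated"
    return "natt-active"

if __name__ == "__main__":
    print(diagnose(udp_hits(SAMPLE)))
```
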
