Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

The Stateful Firewall (Always On) option in the Cisco VPN Client software version 4.x for Windows causes continuous traffic disruption

Core issue

This problem occurs due to the presence of the bug CSCdz63183.

Note: For testing purposes, complete these steps to reproduce the bug:

  1. Enable an Ethernet adapter but with no cable plugged in. Make sure the cable was not plugged in since the last reboot.

  2. Start FwTest.exe and enable Stateful Firewall.

  3. Plug the Ethernet cable into the NIC card and wait for Windows to configure the IP address.

  4. Ping a machine on the associated network. The inbound is blocked and the ping fails.

  5. If you disable the Stateful Firewall, the ping succeeds.

Stateful Firewall:

  • Tracks state of connections for protocols such as TCP, UDP, ICMP.
  • Evaluates rules only on the first packet of a session.
  • Can be configured to do “directional” protection.
  • Filters illegal packet types and non-established connections.


For a workaround, turn off the Stateful Firewall before activation of the Network Interface Card (NIC) or wireless card. Then plug in the cable or card and turn on the Stateful Firewall.

Alternatively, upgrade the software version to 4.8(0.440) or the latest. Refer to Software Download: Windows VPN Clients.