New Member

SA-520 Firewall is blocking QVPN requests

Hi,

I have 2 SA-520 with the same behaviour, the FW is blocking QVPN requests:

Sat Jan  1 00:25:27 2000(GMT +0000)WARNFIREWALLKERNEL194.65.10.985.88.145.162[firewall] LOG_PACKET[DROP]  IN=WAN  OUT=SELF SRC=194.65.10.9 DST=85.88.145.162 PROTO=TCP SPT=1062 DPT=60443
Sat Jan  1 00:26:48 2000(GMT +0000)WARNFIREWALLKERNEL194.65.10.985.88.145.162[firewall] LOG_PACKET[DROP]  IN=WAN  OUT=SELF SRC=194.65.10.9 DST=85.88.145.162 PROTO=TCP SPT=1064 DPT=60443
Sat Jan  1 00:26:48 2000(GMT +0000)WARNFIREWALLKERNEL194.65.10.985.88.145.162[firewall] LOG_PACKET[DROP]  IN=WAN  OUT=SELF SRC=194.65.10.9 DST=85.88.145.162 PROTO=TCP SPT=1064 DPT=60443
Sat Jan  1 00:26:58 2000(GMT +0000)WARNFIREWALLKERNEL194.65.10.985.88.145.162[firewall] LOG_PACKET[DROP]  IN=WAN  OUT=SELF SRC=194.65.10.9 DST=85.88.145.162 PROTO=TCP SPT=1064 DPT=60443
Sat Jan  1 00:27:18 2000(GMT +0000)WARNFIREWALLKERNEL194.65.10.985.88.145.162[firewall] LOG_PACKET[DROP]  IN=WAN  OUT=SELF SRC=194.65.10.9 DST=85.88.145.162 PROTO=TCP SPT=1066 DPT=60443
Sat Jan  1 00:27:19 2000(GMT +0000)WARNFIREWALLKERNEL194.65.10.985.88.145.162[firewall] LOG_PACKET[DROP]  IN=WAN  OUT=SELF SRC=194.65.10.9 DST=85.88.145.162 PROTO=TCP SPT=1066 DPT=60443
Sat Jan  1 00:27:24 2000(GMT +0000)WARNFIREWALLKERNEL194.65.10.985.88.145.162[firewall] LOG_PACKET[DROP]  IN=WAN  OUT=SELF SRC=194.65.10.9 DST=85.88.145.162 PROTO=TCP SPT=1066 DPT=60443

I have the "Enable Remote Management?" with a check on it!

Attached is the CFG.

Thanks in advance.

Mário.

1 REPLY
New Member

Re: SA-520 Firewall is blocking QVPN requests

This may be late but in case others may find it useful.

Checked the attached configuration of SA520 and the remote management port is set to port 443. By default the QuickVPN client uses port 443, though the attached logs show that the destination port is 60443. Can you please check if the QuickVPN client port is set to 443?

Note: If you want to use port 60443, then set 60443 on the Remote management page of SA500 and also for QuickVPN client.

If the problem still persists and the QuickVPN client is behind a NAT router, make sure the Firewall is enabled on the PC where the QuickVPN client is installed.

Also, the latest firmware 1.1.42 has fixed some known QVPN issues. You may want to upgrade to 1.1.42 and here is the link -

tools.cisco.com/support/downloads/go/Redirect.x?imageguid=68F68B2F1F9893C1E1AC99906461BDA7AD7B5F7E
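
The port comparison made in the reply above, as an added example that is not part of the original thread: it parses `LOG_PACKET[DROP]` lines in the format quoted in the question and reports drops addressed to the device itself on a TCP port other than the configured remote management port. The function names are hypothetical, and the management port (443) is the value the reply reads from the attached configuration.

```python
import re
from collections import Counter

# Key=value fields of the LOG_PACKET[DROP] lines quoted in the question.
DROP_RE = re.compile(
    r"LOG_PACKET\[DROP\]\s+IN=(?P<inif>\S+)\s+OUT=(?P<outif>\S+)\s+"
    r"SRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)\s+PROTO=(?P<proto>\S+)\s+"
    r"SPT=(?P<spt>\d+)\s+DPT=(?P<dpt>\d+)"
)

# The first three lines are copied from the question. The last line is
# constructed (documentation addresses, OUT=LAN) to show that traffic not
# addressed to the device itself is ignored.
SAMPLE_LOG = """\
Sat Jan  1 00:25:27 2000(GMT +0000)WARNFIREWALLKERNEL194.65.10.985.88.145.162[firewall] LOG_PACKET[DROP]  IN=WAN  OUT=SELF SRC=194.65.10.9 DST=85.88.145.162 PROTO=TCP SPT=1062 DPT=60443
Sat Jan  1 00:26:48 2000(GMT +0000)WARNFIREWALLKERNEL194.65.10.985.88.145.162[firewall] LOG_PACKET[DROP]  IN=WAN  OUT=SELF SRC=194.65.10.9 DST=85.88.145.162 PROTO=TCP SPT=1064 DPT=60443
Sat Jan  1 00:27:18 2000(GMT +0000)WARNFIREWALLKERNEL194.65.10.985.88.145.162[firewall] LOG_PACKET[DROP]  IN=WAN  OUT=SELF SRC=194.65.10.9 DST=85.88.145.162 PROTO=TCP SPT=1066 DPT=60443
Sat Jan  1 00:28:00 2000(GMT +0000)WARNFIREWALLKERNEL192.0.2.10192.0.2.20[firewall] LOG_PACKET[DROP]  IN=WAN  OUT=LAN SRC=192.0.2.10 DST=192.0.2.20 PROTO=TCP SPT=1070 DPT=8080
"""


def dropped_to_device(log_text):
    """Count (protocol, destination port) for WAN drops addressed to the device (OUT=SELF)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DROP_RE.search(line)
        if m and m["inif"] == "WAN" and m["outif"] == "SELF":
            counts[(m["proto"], int(m["dpt"]))] += 1
    return counts


def port_mismatches(log_text, mgmt_port):
    """Return {port: drop count} for dropped TCP ports that differ from mgmt_port."""
    return {
        port: n
        for (proto, port), n in dropped_to_device(log_text).items()
        if proto == "TCP" and port != mgmt_port
    }


if __name__ == "__main__":
    for port, n in sorted(port_mismatches(SAMPLE_LOG, 443).items()):
        print(f"{n} dropped connection(s) to TCP/{port}; management port is 443")
```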
