Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

SA520, QuickVPN and Windows Firewall


We've got a SA520 in use and we'd like to connect to it using Cisco QuickVPN client.

Problem is that QuickVPN requires Windows Firewall to be on for the connection to be established (at least when using Windows 7 32-bit). However we are using F-Secure PSB which has it's own firewall and it disables the Windows Firewall at reboot.

Why does QuickVPN require the Windows Firewall to be on? Is there anyway to get around this problem? Perhaps create a batch file that enables the Windows firewall and then starts the QuickVPN client? Or just hope for an update that fixes this issue.

Best regards,

Mika Suhonen

Community Member

Re: SA520, QuickVPN and Windows Firewall

Hello Mika,

I hope I can answer a few of your questions.

When running Windows Vista and Windows 7 OS, by default IPSec sservices are Enabled when the Windows Firewall is turned ON, and the IPSec services are Disabled when the Windows Firewall is turned OFF. This is a component of Windows, so to make adjustments we suggest you Turn your Windows Firewall ON. This is the simplest way to address the Windows Firewall behavior.

As an alternative, you can manually ensure the services needed to establish a Quick VPN connection are in the correct state to allow connectivity:

  • IKE and AuthIP IPSec Keying Modules" are started
  • "IPSec Policy Agent" are started and set up to start automatically
  • "Internet Connection Sharing (ICS)" is stopped

Also, 3rd party software Firewalls may also pose connection challenges, as they will also block ports. We recommend you disable 3rd party AV software or create an exception/allow the Quick VPN application through your AV firewall.

I certainly hope this clears things up a bit.

Community Member

Re: SA520, QuickVPN and Windows Firewall

Thanks for your reply trabb,

I tried to connect the Windows Firewall off and those services configured as you said. Still no luck. Getting "Remote gateway is not responding. Do you want to wait?" error message. With and without 3rd party firewall. As soon as I turn the Windows firewall on the connection is established.

Something in the "Verifying network" stage just requires the Windows Firewall to be on. And doesn't look like it's those services, something else is also needed.

- Mika

Community Member

Re: SA520, QuickVPN and Windows Firewall

There are definately other services needed/used, however the services mentioned are the core compenets used by QVPN and the primary reason we instruct users to turn their Windows Vista/7 firewall ON.

I suggest calling in to the Cisco SBSC to open a ticket.

CreatePlease to create content