New Member

Cannot access VPN server located behind Company firewall.

The VPN Server has been created by myself, in my department. I can access this server from anywhere when I am in my company's network. When I am at home, I cannot even ping the WAN interface of the VPN server. When I try to connect through the Cisco VPN Client, I get the message "Reason 412: Remote peer is no longer responding".

Is the main firewall in my company blocking outside traffic?

Do I need to modify anything in the VPN server?

I have heard about port forwarding but have no knowledge about it. Is port forwarding done on the VPN server or in the main firewall?

Also should I go and ask the system administrator of the company to enable certain ports for the public IP address I am using for my server?

Hope you can help

Regards

1 ACCEPTED SOLUTION

Super Bronze

Yes, absolutely correct. Please open ESP protocol, UDP/500, and UDP/4500 for IPSec VPN.

5 REPLIES
Super Bronze

Yes, you would need to configure the following if your VPN server is behind the Firewall:

1) If your VPN server has a private IP address, you would need to configure NAT on the firewall to be able to access that VPN server.

2) You would also need to configure the firewall to allow inbound VPN access as normally inbound access through a firewall is blocked by default.

3) Nothing else needs to be done on the VPN server itself if you can already access the VPN via the internal network.

4) I assume that it is IPSec VPN Client; if yes, then you would need the following opened: ESP protocol, UDP/500, and UDP/4500 (these are the default protocols/ports). If you have changed the VPN ports on the VPN server then you would also need to advise the other ports accordingly.

If it is an SSL VPN Client, then by default it uses TCP/443, unless you change the default port to another port.

Hope this helps.
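
A way to check from outside whether UDP/500 reaches the VPN server, as an added example that is not part of the original thread: the script sends one IKEv1 Main Mode proposal and reports whether any IKE reply comes back. The proposal values (3DES, SHA-1, pre-shared key, group 2) and all function names are assumptions; it does not test ESP or UDP/4500, and silence is consistent with a firewall block but does not prove one.

```python
import os
import socket
import struct
import sys

def build_ike_probe(initiator_cookie=None):
    """Build a minimal IKEv1 Main Mode SA proposal (assumed: 3DES/SHA-1/PSK/group 2)."""
    cookie = initiator_cookie or os.urandom(8)
    # Transform attributes in basic (TV) form: (0x8000 | type, value).
    # 1=encryption(5: 3DES), 2=hash(2: SHA), 3=auth(1: PSK), 4=group(2),
    # 11=life type(1: seconds), 12=life duration(28800 s).
    attrs = b"".join(struct.pack("!HH", 0x8000 | t, v) for t, v in
                     [(1, 5), (2, 2), (3, 1), (4, 2), (11, 1), (12, 28800)])
    # Transform payload: transform #1, transform id 1 (KEY_IKE).
    transform = struct.pack("!BBHBBH", 0, 0, 8 + len(attrs), 1, 1, 0) + attrs
    # Proposal payload: proposal #1, protocol 1 (ISAKMP), no SPI, one transform.
    proposal = struct.pack("!BBHBBBB", 0, 0, 8 + len(transform), 1, 1, 0, 1) + transform
    # SA payload: DOI 1 (IPsec), situation 1 (identity only).
    sa = struct.pack("!BBHII", 0, 0, 12 + len(proposal), 1, 1) + proposal
    # Header: cookies, next payload 1 (SA), version 1.0, exchange 2 (Main Mode).
    header = cookie + bytes(8) + struct.pack("!BBBBII", 1, 0x10, 2, 0, 0, 28 + len(sa))
    return header + sa

def parse_ike_header(data):
    """Return (exchange_type, next_payload) from an IKE packet, or None if too short."""
    if len(data) < 28:
        return None
    next_payload, _ver, exchange, _flags, _msg_id, _length = struct.unpack("!BBBBII", data[16:28])
    return exchange, next_payload

def probe(host, timeout=3.0):
    """Send one probe to UDP/500; return the reply's header fields, or None if nothing came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_ike_probe(), (host, 500))
            data, _ = s.recvfrom(4096)
        except OSError:  # timeout, or an ICMP error surfaced by the OS
            return None
    return parse_ike_header(data)

if __name__ == "__main__":
    if len(sys.argv) == 2:
        result = probe(sys.argv[1])
        if result is None:
            print("no IKE reply on UDP/500 (blocked, dropped, or server silent)")
        else:
            print(f"IKE reply received: exchange={result[0]} next_payload={result[1]}")
    else:
        print(f"built {len(build_ike_probe())}-byte probe; pass the server address to send it")
```

Run it once from inside the company network and once from outside: a reply inside but none outside matches the "Reason 412" symptom of a firewall dropping inbound IKE.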

New Member

Thank you Jennifer,

The VPN server has a public IP address for remote users. Currently, I am able to make an HTTP request to this IP. I think this means that port 80 of the IP is not blocked, right?

It is definitely Remote Access IPSec VPN, I have not made any changes to the VPN ports.

I am making a request to the IT department of the company regarding the ports on Monday, so should I ask them to open ESP protocol, UDP/500, and UDP/4500?

Super Bronze

Yes, absolutely correct. Please open ESP protocol, UDP/500, and UDP/4500 for IPSec VPN.

New Member

Thanks a lot Jennifer, really appreciate your advice.

Will inform you how I did.

Have a nice Sunday

New Member

It definitely worked out fine.

Thanks a lot
