Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Unable to connect the VPN Server

hi guys!

I have Cisco 3725 Router, running " IOS (tm) 3700 Software (C3725-ADVIPSERVICESK9-M), Version 12.3(5a) ". This router is working as gateway for my lan ( ). NAT is configured on the router so all users can access internet & Reflexive access lists are also applied.

I want my remote users, who connect to internet via local ISP, to access LAN servers ( behind the router ). I have configured my router and Cisco VPN Client software Version 4.0 on client system ( windows XP professional is installed on client). Cisco VPN Client is configured to " Use IPSec over TCP (NAT/PAT/Firewall) on port 10000.

When try to connect the vpn client to VPN Server (router) it gives following error

7 Sev=Warning/2 IPSEC/0x6370001E

Unexpected TCP control packet received from X.X.X.X, src port 10000, dst port 1057, flags 14h

while on the router there is nothing to see from client, I enabled " debug isakmp ipsec, and other debugging options too. but there is nothing on the router.

my router config is as follows.....


version 12.3

service tcp-keepalives-in

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption


hostname GRID





enable secret xxxx

enable password xxxx


username xxx password xxxx

aaa new-model



aaa authentication login userauthen local

aaa authorization network groupauthor local

aaa session-id common

ip subnet-zero

no ip source-route




crypto isakmp policy 3

encr 3des

authentication pre-share

group 2

crypto isakmp xauth timeout 60


crypto isakmp client configuration group 3000client

key cisco123




pool ippool

acl Split-vpn

crypto isakmp profile VPNclient

description VPN Clients Profile

match identity group 3000client

client authentication list userauthen

isakmp authorization list groupauthor

client configuration address respond



crypto ipsec transform-set myset esp-3des esp-sha-hmac


crypto dynamic-map dynmap 10

set transform-set myset

set isakmp-profile VPNclient



crypto map clientmap 10 ipsec-isakmp dynamic dynmap discover





interface FastEthernet0/0

ip address secondary

ip address

ip access-group natinbound in

ip access-group natoutbound out

ip nat inside

duplex auto

speed auto

no cdp enable


interface FastEthernet0/1

ip address X.X.X.X X.X.X.X

ip access-group remotein in

ip access-group remoteout out

ip nat outside

duplex auto

speed auto

crypto map clientmap


ip local pool ippool


ip access-list extended Split-vpn

permit ip

permit ip


any help will be appreciated.



New Member

Re: Unable to connect the VPN Server

Do not use Transparent Tunneling on the Cisco VPN Client (TCP/IPSec). The router is expecting a IPSec pkt.

"7 Sev=Warning/2 IPSEC/0x6370001E

Unexpected TCP control packet received from X.X.X.X, src port 10000, dst port 1057, flags 14h "

This is probably a RST (reset) packet that is saying that the router is not listening on TCP port 10000

For Tacacs - your case is just to use local for XAuth


CreatePlease to create content