D-Link Forums

The Graveyard - Products No Longer Supported => Routers / COVR => DIR-625 => Topic started by: mnelsonx on November 03, 2007, 11:11:16 AM

Title: Cisco VPN Client Traffic Being Blocked
Post by: mnelsonx on November 03, 2007, 11:11:16 AM
I am trying to connect to my company's VPN using Cisco's VPN client v5.0.  The IT manager says he has 40+ people successfully using this client with the same configuration file I am using, so I believe it's the DIR-625 that's blocking the traffic.  The router log confirms this...but I have been unable to set up any firewall rules or open the correct ports to allow it to work.  Any ideas on the best way to set up the 625 to allow the VPN traffic to pass? 

Log entry for the blocked traffic:
[INFO] Sat Nov 03 14:06:41 2007 Blocked incoming UDP packet from 12.171.237.130:500 to 192.168.250.2:2609

Title: Re: Cisco VPN Client Traffic Being Blocked
Post by: shaith on November 04, 2007, 11:36:08 AM
Map the target 2609 to IP address 192.168.250.2 in port forwarding.

Try connecting without the router in place - does it work now?

Try putting your machine in the DMZ - does it work now?

This router passes VPN traffic just fine for multiple VPN clients including MSRA, NAI, and a couple of others I use/have used - without config changes.

Title: Re: Cisco VPN Client Traffic Being Blocked
Post by: mnelsonx on November 05, 2007, 06:05:23 PM
Thanks for your reply.

I have since put my old DI-624 router back into service, and it seems to pass the VPN traffic just fine.  I will try the port forwarding as you suggested and let you know the outcome.

Title: Re: Cisco VPN Client Traffic Being Blocked
Post by: mnelsonx on March 11, 2008, 11:28:16 AM
I finally burned up the DI-624 and got around to trying this on the DIR-625.   This suggestion did not work for me, as the port forwarding is looking for a computer on the inside of the network to pass the packets to/from.  The DIR-625 seems to be blocking the packets coming back in to the network from the Cisco VPN server, which I don't see how to allow from the setup screen.  Still looking for ideas...

Title: Re: Cisco VPN Client Traffic Being Blocked
Post by: Qev on March 12, 2008, 01:42:01 PM
Under "Firewall Settings":

- Make sure "Non-UDP/TCP/ICMP LAN Sessions" is enabled?

- Try it with the PPTP and IPSec ALGs enabled, and disabled?

Title: Re: Cisco VPN Client Traffic Being Blocked
Post by: ZaDDaZ on December 17, 2008, 08:58:58 PM
I was able to go to the properties of the connection and on the Transport tab select the IPSec over TCP option.  This assumes that your Cisco firewall is configured to allow this type of VPN traffic.  I'm sure there is a way to configure a special application, but this should work perfectly, as there aren't extraneous UDP packets coming back.