
Topic: Cisco VPN Client Traffic Being Blocked

mnelsonx

Cisco VPN Client Traffic Being Blocked
« on: November 03, 2007, 11:11:16 AM »

I am trying to connect to my company's VPN using Cisco's VPN client v5.0.  The IT manager says he has 40+ people successfully using this client with the same configuration file I am using, so I believe it's the DIR-625 that's blocking the traffic.  The router log confirms this...but I have been unable to set up any firewall rules or open the correct ports to allow it to work.  Any ideas on the best way to set up the 625 to allow the VPN traffic to pass? 

Log entry for the blocked traffic:
[INFO] Sat Nov 03 14:06:41 2007 Blocked incoming UDP packet from 12.171.237.130:500 to 192.168.250.2:2609
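A way to triage a router log for this symptom, as an added example that is not part of the original posts: it parses entries in the format of the log line quoted above and counts blocked inbound UDP packets whose source port is 500 (IKE/ISAKMP) or 4500 (IPsec NAT traversal). Only the first sample line comes from the thread; the other lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Pattern for the "Blocked incoming UDP packet" entry quoted in the post above.
LINE_RE = re.compile(
    r"^\[(?P<level>\w+)\]\s+(?P<ts>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4})\s+"
    r"Blocked incoming UDP packet from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+) to "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)\s*$"
)

# Well-known IPsec ports: IKE/ISAKMP on UDP 500, IPsec NAT traversal on UDP 4500.
IPSEC_UDP_PORTS = {500: "IKE/ISAKMP", 4500: "IPsec NAT-T"}

# First line is the entry from the thread; the others are constructed samples.
SAMPLE_LOG = """\
[INFO] Sat Nov 03 14:06:41 2007 Blocked incoming UDP packet from 12.171.237.130:500 to 192.168.250.2:2609
[INFO] Sat Nov 03 14:06:46 2007 Blocked incoming UDP packet from 12.171.237.130:500 to 192.168.250.2:2609
[INFO] Sat Nov 03 14:07:10 2007 Blocked incoming UDP packet from 198.51.100.7:4500 to 192.168.250.2:2611
[INFO] Sat Nov 03 14:07:30 2007 Blocked incoming UDP packet from 203.0.113.9:53124 to 192.168.250.2:137
[INFO] Sat Nov 03 14:08:00 2007 (constructed) unrelated entry in another format
""".splitlines()

def parse_blocked_udp(line):
    """Return the fields of a blocked-UDP entry, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def dropped_ipsec_replies(lines):
    """Count blocked inbound packets sent from an IPsec port, per (peer, service, host)."""
    hits = Counter()
    for line in lines:
        rec = parse_blocked_udp(line)
        if rec is None:
            continue
        service = IPSEC_UDP_PORTS.get(rec["sport"])
        if service is not None:
            hits[(rec["src"], service, rec["dst"])] += 1
    return hits

if __name__ == "__main__":
    for (peer, service, host), n in dropped_ipsec_replies(SAMPLE_LOG).most_common():
        print(f"{n} blocked {service} packet(s) from {peer} to LAN host {host}")
```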

shaith

Re: Cisco VPN Client Traffic Being Blocked
« Reply #1 on: November 04, 2007, 11:36:08 AM »

Map the target 2609 to IP address 192.168.250.2 in port forwarding.

Try connecting without the router in place - does it work now?

Try putting your machine in the DMZ - does it work now?

This router passes VPN traffic just fine for multiple VPN clients including MSRA, NAI, and a couple of others I use/have used - without config changes.

mnelsonx

Re: Cisco VPN Client Traffic Being Blocked
« Reply #2 on: November 05, 2007, 06:05:23 PM »

Thanks for your reply.

I have since put my old DI-624 router back into service, and it seems to pass the VPN traffic just fine.  I will try the port forwarding as you suggested and let you know the outcome.

mnelsonx

Re: Cisco VPN Client Traffic Being Blocked
« Reply #3 on: March 11, 2008, 11:28:16 AM »

I finally burned up the DI-624 and got around to trying this on the DIR-625. This suggestion did not work for me, as the port forwarding is looking for a computer on the inside of the network to pass the packets to/from. The DIR-625 seems to be blocking the packets coming back into the network from the Cisco VPN server, which I don't see how to allow from the setup screen. Still looking for ideas...

Qev

  • Guest
Re: Cisco VPN Client Traffic Being Blocked
« Reply #4 on: March 12, 2008, 01:42:01 PM »

Under "Firewall Settings":

- Make sure "Non-UDP/TCP/ICMP LAN Sessions" is enabled?

- Try it with the PPTP and IPSec ALGs enabled, and disabled?

ZaDDaZ

Re: Cisco VPN Client Traffic Being Blocked
« Reply #5 on: December 17, 2008, 08:58:58 PM »

I was able to go to the properties of the connection and on the Transport tab select the IPSec over TCP option. This assumes that your Cisco firewall is configured to allow this type of VPN traffic. I'm sure there is a way to configure a special application, but this should work perfectly as there aren't extraneous UDP packets coming back.