Cisco VPN client cannot connect to VPN gateway

I use Cisco VPN client ver 4.6 in Win XP and try to connect to a VPN gateway that has a public IP.
My computer is connected by direct cable to a router, and this router is connected
to the internet by PPPoE.
I use Cisco VPN client ver 4.6 and try to connect to the VPN gateway,
but it fails. The error is 412.
But if the same computer connects to the internet by PPPoE directly, the VPN client
can connect to the same VPN gateway without a problem.

Why can I not connect to the VPN gateway when there is a router?
How can I fix it?
Please advise.

Cisco VPN

This is one of the many reasons Cisco and all other VPN vendors have gone to SSL tunneling. If your VPN device is newer it may support this, and it uses ActiveX and Java so you do not need to install anything on the client.

Your solution mostly depends on how the VPN gateway is set up. If it only allows IPSEC then you must configure your router to pass all UDP 500 and all protocol 50 to your PC. Since 50 is not a port, it is a protocol, you cannot just use simple port forwarding to make this work. You need to somehow forward UDP port 500 and this protocol to your virtual address.
How exactly you do this really depends on the router.

If your VPN gateway can run NATT you need to make sure UDP port 4500 passes your router. Since you are having an issue I suspect your router does not support NATT by default. You should be able to map UDP port 4500 to your PC. You may have to change your VPN client to force it to run NATT, but the VPN gateway must be configured to accept this also.

Your last option, if you are using certain Cisco gateways and clients, is to use IPSEC over TCP. This is something only Cisco supports. This only requires the option to be available on both the VPN gateway and the client; it does not require any change on your router.

If you have the option I would go to the new SSL VPN; these tend to work on almost any machine and behind any router.
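The traffic types named in the reply above, as an added example that is not part of the original post: a small classifier over raw IPv4 packets that shows why UDP 500 and UDP 4500 can be port-forwarded while native ESP (IP protocol 50) cannot. The packets are constructed test data using documentation addresses, and the helper names are hypothetical.

```python
import struct

PROTO_UDP, PROTO_ESP = 17, 50      # IP protocol numbers
IKE_PORT, NATT_PORT = 500, 4500    # UDP ports named in the post

def ipv4(proto, payload):
    """Wrap payload in a minimal IPv4 header (constructed test data, checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 10]),
                       bytes([198, 51, 100, 1])) + payload

def udp(sport, dport, data):
    """Minimal UDP header (checksum 0) followed by data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

def classify(packet):
    """Label one raw IPv4 packet by the IPsec transport it belongs to."""
    ihl = (packet[0] & 0x0F) * 4            # IPv4 header length in bytes
    proto, body = packet[9], packet[ihl:]
    if proto == PROTO_ESP:
        # ESP begins with SPI + sequence number: there is no port field,
        # so a port-forwarding rule has nothing to match on.
        return "native ESP (protocol 50, no ports)"
    if proto != PROTO_UDP or len(body) < 8:
        return "other"
    sport, dport = struct.unpack("!HH", body[:4])
    data = body[8:]
    if IKE_PORT in (sport, dport):
        return "IKE on UDP 500"
    if NATT_PORT in (sport, dport):
        if data == b"\xff":                 # one-byte NAT keepalive
            return "NAT-T keepalive on UDP 4500"
        if data[:4] == b"\x00" * 4:         # non-ESP marker means IKE
            return "IKE on UDP 4500"
        return "ESP in UDP 4500"            # first 4 bytes are a non-zero SPI
    return "other"

# Constructed ESP body: SPI 0x1000, sequence 1, filler standing in for ciphertext.
ESP_BODY = struct.pack("!II", 0x1000, 1) + b"\x00" * 16
SAMPLES = [
    ipv4(PROTO_UDP, udp(500, 500, b"\x11" * 28)),
    ipv4(PROTO_ESP, ESP_BODY),
    ipv4(PROTO_UDP, udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28)),
    ipv4(PROTO_UDP, udp(4500, 4500, ESP_BODY)),
    ipv4(PROTO_UDP, udp(4500, 4500, b"\xff")),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(classify(pkt))
```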

Cisco VPN client cannot connect to VPN gateway.

The VPN gateway configuration cannot be changed.
So, I can only change the configuration on the router and the computer, or re-install the Cisco VPN client.
Is there anything I can do in order to fix it? What version of the VPN client do I need to install, and what is the configuration?
Please advise in detail.

VPN gateway config

You need to know which of the many options the gateway is using.

It is unlikely it is the client since it works without the router, so a reinstall is most likely a waste of time. The latest version of the client would always be best, but unless you have a service contract on your gateway you will not be allowed to download it from the Cisco site.

I really can only provide general guidance since it is impossible to know the details of every router out there. Almost all routers have the ability to forward ports or place a PC in a DMZ, but exactly how you do it varies widely. Still, even if I or someone else on this board had your exact router, you need to know what options the gateway expects.

I suspect you are going to have to call your IT department and ask them how they have configured the VPN gateway. They should be able to tell you which gateway option they are using which will tell you which ports you must deal with in your router. Hopefully they have some recommended router configuration to help. Unfortunately they may tell you that they do not support your router and you need to buy one that is on their list.

More than likely you can get your router to work but unless IT can give you the configuration you are going to have to learn how things like IPSEC really work.

This cost to IT to support end users is the key reason many companies toss these old VPN solutions in the trash and pay big money to replace the gateways. The reduction of the end user support cost quickly saves money.

The first thing to try is

Put that PC into the DMZ.

Now a comment. VPN on some routers is broken, busted, non-functional and may contain a tar pit. You learn quickly to try the DMZ, a few settings, research the internet, but limit your time to a few minutes before swapping out the router.

I forgot to mention that once we install PPPOE onto a PC that WINSOCK is forever suspect and may not be supportable or even repairable. It may interfere with use on a router. In one extreme case it was not repairable until we reinstalled the OS. We tried but after hours on the phone with Microsoft we knew it was time to move on.
