I just wanted to add that I have not heard of an instance where IPsec was run over port 10000; its designated port is UDP 500, per the RFC. That is for the ISAKMP/Oakley tunnel connection. Then it uses IP 50/51 (ESP and AH) for the IPsec section of the transmission. This is news to me... where did you obtain these facts from??? Curious to know.
---
Regards,

On Fri, 22 Feb 2002 10:06:05 Smith, Chris wrote:
>Check the policy/configuration of the VPN concentrator. The previous
>version (3.0,3.1) provided the ability to wrap the encrypted IKE/IPSEC
>traffic in a UDP packet. This provided the ability to prevent the traffic
>from being corrupted due to NAT translation, and simplified firewall
>rulesets as well. The downside is UDP isn't stateful, so WinProxy (or any
>other firewall) may deny the return traffic from the VPN concentrator to
>the client. Placing a rule in the firewall to let the udp traffic in from
>the concentrator IP address over the specific UDP port (10000 is default)
>may solve your problem.
>
>RTFL - Read The Fine Logs to determine the traffic being denied.
>
>Chris Smith
>
>-----Original Message-----
>From: Cflynn . Tech [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, February 21, 2002 10:55 AM
>To: [EMAIL PROTECTED]; Tumarinson, Max
>Subject: Re: Cisco VPN client
>
>
>Are you passing both phase 1 and Phase 2 ... ??? Can you ping anything in
>the local LAN??
>---
>Regards,
>
>
>On Wed, 20 Feb 2002 12:11:38 Tumarinson, Max wrote:
>>I am trying to set up Cisco VPN client 3.5a behind a Winproxy 4.0h. I
>>am able to authenticate, however I can reach anywhere on the LAN. I
>>looked in Winproxy support site and they have a document how to fix it.
>>However, that solution did not work for me. Does anybody have any
>>idea/suggestion how to approach this problem.
>>
>>Thanks
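
The log check suggested in Chris Smith's reply, sketched as an added example that is not part of the original thread: it counts denied packets to or from the concentrator by VPN traffic class (IKE on UDP 500, ESP/AH, UDP-wrapped IPsec on port 10000). The log format, the addresses and the function names are constructed for illustration and are not WinProxy's or Cisco's.

```python
import re
from collections import Counter

# Constructed sample lines in a generic "ACTION proto src -> dst" format
# (an assumption, not WinProxy's real log format). 192.0.2.10 stands in
# for the VPN concentrator, 10.0.0.5 for the VPN client.
SAMPLE_LOG = """\
ALLOW udp 10.0.0.5:500 -> 192.0.2.10:500
ALLOW udp 192.0.2.10:500 -> 10.0.0.5:500
ALLOW udp 10.0.0.5:1045 -> 192.0.2.10:10000
DENY udp 192.0.2.10:10000 -> 10.0.0.5:1045
DENY udp 192.0.2.10:10000 -> 10.0.0.5:1045
DENY esp 192.0.2.10 -> 10.0.0.5
DENY tcp 198.51.100.7:4431 -> 10.0.0.5:139
"""

LINE = re.compile(
    r"^(ALLOW|DENY) (\w+) ([\d.]+)(?::(\d+))? -> ([\d.]+)(?::(\d+))?$")

def classify(proto, sport, dport, encap_port=10000):
    """Name the VPN traffic class a packet belongs to, or None."""
    ports = {sport, dport}
    if proto == "udp" and 500 in ports:
        return "IKE (UDP 500)"
    if proto == "udp" and encap_port in ports:
        return f"IPsec over UDP ({encap_port})"
    if proto in ("esp", "50"):
        return "ESP (IP protocol 50)"
    if proto in ("ah", "51"):
        return "AH (IP protocol 51)"
    return None

def denied_vpn_traffic(log_text, concentrator, encap_port=10000):
    """Count denied packets per (traffic class, direction) for one concentrator."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(1) != "DENY":
            continue  # only denied packets are of interest
        _, proto, src, sport, dst, dport = m.groups()
        if concentrator not in (src, dst):
            continue  # unrelated traffic
        kind = classify(proto.lower(), int(sport or 0), int(dport or 0), encap_port)
        if kind:
            direction = ("inbound from concentrator" if src == concentrator
                         else "outbound to concentrator")
            counts[(kind, direction)] += 1
    return counts

if __name__ == "__main__":
    for (kind, direction), n in denied_vpn_traffic(SAMPLE_LOG, "192.0.2.10").items():
        print(f"{n} denied: {kind}, {direction}")
```

On the constructed sample, the outbound UDP 10000 packet is allowed while the replies from the concentrator are denied, which is the stateless-UDP return-traffic symptom the reply describes.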