Question

Cisco VPN Client Connection to Concentrator-Reason 414:Failed to Establish a TCP connections

Asked by: accessint

Hello,
I have been connecting to a VPN concentrator for the past two years with my old pc.  I received a new Dell D820 and have only had it successfully connect once.  When I try to connect, after a few seconds I get the error, "Secure VPN Connection terminated locally by the Client. Reason 414: Failed to establish a TCP connection.  Connection terminated on:..."
I am convinced that it is a problem with my computer because many other employees are able to connect just fine, including another computer that I have at home that is behind the same Linksys router.
Detailed Troubleshooting Info:
I have tried reinstalling the VPN Client about 5 times. 4 times with an older version of the client and the last time with the most recent version that I could find on the Cisco website (Version 4.8.01.0300).
I found a lot on the internet about the VPN Client needing certain ports open on the personal computer's firewall... So, I tried opening those ports to no avail. I am running Windows XP SP2 and I even turned off the built-in firewall completely to see if that would make a difference. I also tried setting the MTU to 576 and 1300 in case there were problems with that. I have included the VPN Client log below and am willing to look up any further information that you may need to answer this question. In the logs, I have changed the DNS of the VPN concentrator to vpn.mydomain.com and have changed the IP of the concentrator to <ip of concentrator>. By the way, I am connecting to the VPN server through TCP on port 80.
Thanks,
Danny


Cisco Systems VPN Client Version 4.8.01.0300
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2

1      08:01:12.718  10/06/06  Sev=Info/4      CM/0x63100002
Begin connection process

2      08:01:12.734  10/06/06  Sev=Info/4      CM/0x63100004
Establish secure connection using Ethernet

3      08:01:12.734  10/06/06  Sev=Info/4      CM/0x63100024
Attempt connection with server "vpn.mydomain.com"

4      08:01:12.750  10/06/06  Sev=Info/6      CM/0x6310002F
Allocated local TCP port 1068 for TCP connection.

5      08:01:13.031  10/06/06  Sev=Info/4      IPSEC/0x63700008
IPSec driver successfully started

6      08:01:13.031  10/06/06  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

7      08:01:13.031  10/06/06  Sev=Info/6      IPSEC/0x6370002C
Sent 4 packets, 0 were fragmented.

8      08:01:13.031  10/06/06  Sev=Info/6      IPSEC/0x63700020
TCP SYN sent to <ip of concentrator>, src port 1068, dst port 80

9      08:01:18.031  10/06/06  Sev=Info/6      IPSEC/0x63700020
TCP SYN sent to <ip of concentrator>, src port 1068, dst port 80

10     08:01:23.531  10/06/06  Sev=Info/6      IPSEC/0x63700020
TCP SYN sent to <ip of concentrator>, src port 1068, dst port 80

11     08:01:28.531  10/06/06  Sev=Info/6      IPSEC/0x63700020
TCP SYN sent to <ip of concentrator>, src port 1068, dst port 80

12     08:01:33.031  10/06/06  Sev=Info/4      CM/0x6310002A
Unable to establish TCP connection on port 80 with server "vpn.mydomain.com"

13     08:01:33.031  10/06/06  Sev=Info/5      CM/0x63100025
Initializing CVPNDrv

14     08:01:33.031  10/06/06  Sev=Info/4      CM/0x6310002D
Resetting TCP connection on port 80

15     08:01:33.031  10/06/06  Sev=Info/6      CM/0x63100030
Removed local TCP port 1068 for TCP connection.

16     08:01:33.031  10/06/06  Sev=Info/6      CM/0x63100046
Set tunnel established flag in registry to 0.

17     08:01:33.531  10/06/06  Sev=Info/6      IPSEC/0x63700023
TCP RST sent to <ip of concentrator>, src port 1068, dst port 80

18     08:01:33.531  10/06/06  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

19     08:01:33.531  10/06/06  Sev=Info/4      IPSEC/0x63700014
Deleted all keys

20     08:01:33.531  10/06/06  Sev=Info/4      IPSEC/0x6370000A
IPSec driver successfully stopped
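
The log above records four SYNs and no reply before the client gives up, so the failure sits below the VPN negotiation itself. The following is an added example, not part of the original thread or of Cisco's tooling, that parses this log format and reports that pattern; the function names are hypothetical and the wording of a "reply" entry is an assumption, since the page's log contains none.

```python
import re
from datetime import datetime

# Constructed sample: entries 8-12 of the log in the question (blank lines dropped).
SAMPLE_LOG = """\
8      08:01:13.031  10/06/06  Sev=Info/6      IPSEC/0x63700020
TCP SYN sent to <ip of concentrator>, src port 1068, dst port 80
9      08:01:18.031  10/06/06  Sev=Info/6      IPSEC/0x63700020
TCP SYN sent to <ip of concentrator>, src port 1068, dst port 80
10     08:01:23.531  10/06/06  Sev=Info/6      IPSEC/0x63700020
TCP SYN sent to <ip of concentrator>, src port 1068, dst port 80
11     08:01:28.531  10/06/06  Sev=Info/6      IPSEC/0x63700020
TCP SYN sent to <ip of concentrator>, src port 1068, dst port 80
12     08:01:33.031  10/06/06  Sev=Info/4      CM/0x6310002A
Unable to establish TCP connection on port 80 with server "vpn.mydomain.com"
"""

# Header line: sequence, time, date (MM/DD/YY), severity, module/message id.
HEADER = re.compile(
    r"^(\d+)\s+(\d\d:\d\d:\d\d\.\d+)\s+(\d\d/\d\d/\d\d)\s+Sev=\w+/\d+\s+(\w+)/0x[0-9A-Fa-f]+\s*$")
SYN = re.compile(r"TCP SYN sent to (.+?), src port (\d+), dst port (\d+)")
# Assumption: any reply from the peer would be logged with the word "received";
# the log on the page contains no such entry, so this wording is hypothetical.
REPLY = re.compile(r"\breceived\b", re.IGNORECASE)


def parse_entries(text):
    """Split the client log into entries: one header line plus its message lines."""
    entries, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            when = datetime.strptime(f"{m.group(3)} {m.group(2)}", "%m/%d/%y %H:%M:%S.%f")
            current = {"seq": int(m.group(1)), "time": when, "module": m.group(4), "msg": ""}
            entries.append(current)
        elif current is not None and line.strip():
            current["msg"] = f"{current['msg']} {line.strip()}".strip()
    return entries


def diagnose(entries):
    """Summarise the TCP handshake attempt recorded in the log."""
    syns = [(e, SYN.search(e["msg"])) for e in entries if SYN.search(e["msg"])]
    if not syns:
        return {"verdict": "no_syn_logged"}
    first = syns[0][0]["time"]
    gaps = [round((b[0]["time"] - a[0]["time"]).total_seconds(), 1)
            for a, b in zip(syns, syns[1:])]
    gave_up = next((e for e in entries if "Unable to establish TCP connection" in e["msg"]), None)
    replied = any(REPLY.search(e["msg"]) for e in entries if e["time"] >= first)
    if replied:
        verdict = "peer_replied"
    elif gave_up:
        verdict = "syn_unanswered"   # SYNs went out, nothing came back, client gave up
    else:
        verdict = "incomplete_log"
    return {"verdict": verdict, "syn_count": len(syns),
            "src_port": int(syns[0][1].group(2)), "dst_port": int(syns[0][1].group(3)),
            "retry_gaps_s": gaps,
            "gave_up_after_s": (gave_up["time"] - first).total_seconds() if gave_up else None}


if __name__ == "__main__":
    print(diagnose(parse_entries(SAMPLE_LOG)))
```

A `syn_unanswered` verdict says only that outbound SYNs drew no response; it does not distinguish a filtering device on the path from a local adapter or driver that never put the packet on the wire.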

This Question has been solved and asker verified.

Asked On: 2006-10-06 at 07:19:35, ID 22015490
Tags: vpn, 414, connection, cisco, establish
Topic: Virtual Private Networking (VPN)
Participating Experts: 2
Points: 0
Comments: 11


Answers

 

by: mmetrics Posted on 2006-10-06 at 08:17:56 ID: 17677120

Hi

1) Does the new PC have WiFi & are you using that to connect? If so, has it connected to your router? Even if you aren't using it intentionally, has it managed to get a WiFi connection to somewhere?

2) Do you have any other security product on the new PC? Some AV products also have some firewall functionality.

3) Is there Web acceleration software on the machine? If so, I'd guess it'd interfere with your use of TCP port 80.

4) Can you try it on another port, or even on UDP? You should not have to configure anything on the router to allow that to work as the client is using transparent tunnelling.

5) I can't check at this point but IIRC, not all versions of the Cisco VPN client will work with all concentrators (I'm not entirely sure about this & will check). Which concentrator are you using?

 

by: accessint Posted on 2006-10-06 at 08:42:05 ID: 17677332

Hi

1) Does the new PC have WiFi & are you using that to connect? If so, has it connected to your router? Even if you aren't using it intentionally, has it managed to get a WiFi connection to somewhere?
Yes it does have WiFi and I am using that to connect. My wireless access point at home that I am trying to connect through is also my router, which is a Linksys WRT54G. The last question of "Even if you aren't using it intentionally, has it managed to get a WiFi connection to somewhere?" please clarify.


2) Do you have any other security product on the new PC? Some AV products also have some firewall functionality.
I am not running any security products besides the Windows firewall and Antivir antivirus. I opened Antivir and found no reference to any firewalling functionality in the program itself.

3) Is there Web acceleration software on the machine? If so, I'd guess it'd interfere with your use of TCP port 80.
Nope.

4) Can you try it on another port, or even on UDP? You should not have to configure anything on the router to allow that to work as the client is using transparent tunnelling.
I can change that on the client easily. However, how hard is that to change on the concentrator? I manage the concentrator as best I can but know little about it. How do you set up UDP or different ports for TCP?

5) I can't check at this point but IIRC, not all versions of the Cisco VPN client will work with all concentrators (I'm not entirely sure about this & will check). Which concentrator are you using?
VPN Concentrator Type: 3005
Bootcode Rev: Cisco Systems, Inc./VPN 3000 Concentrator Series Version 2.5.Rel Jun 21 2000 18:57:52
Software Rev: Cisco Systems, Inc./VPN 3000 Concentrator Version 4.0.1.Rel May 06 2003 13:13:03

Thanks,
Danny

 

by: mmetrics Posted on 2006-10-06 at 09:30:11 ID: 17677754

Hi

Thanks for the concise, helpful answers.

>The last question of "Even if you aren't using it intentionally, has it managed to get a WiFi connection to somewhere?" please clarify.

I had meant: if you were using a cable to connect but WiFi present on the PC had managed to find an open connection. If that happens, you get two routes to the Internet & Windows can get confused :) However, that bit is now irrelevant as you know where the WiFi is going & it's your router/AP.

The default setup for VPN client access on a 3000 is UDP (NAT/PAT) AFAIK. You can check what your VPN group is set to when logged on to the 3000: expand User Management, then Groups. Select the Group you are using for the VPN & click on Modify. Click on the Client Config tab. Make sure the IPSEC over UDP box is checked and that the port says 10000 (or something else if you have reason to change it - see the rules to the right of that screen). Click on Apply at the bottom of the page but don't save the changes until you see if they work! Make sure your client VPN config is set up to use IPSec over UDP.

I've just realised that the client & the 3000 don't match. In the client, you can select IPSec over UDP or TCP, & for the latter you can select a port. On the 3000 you can select IPSec over UDP as an option & a port. But not for TCP. Odd. I'll look into that later.

Obviously, if the changes work, you'll have to set up the other PC's VPN client to match.

 

by: accessint Posted on 2006-10-06 at 10:22:14 ID: 17678418

In my group configuration, even though the UDP Port was set to 10000, the checkbox next to "IPSec over UDP" was unchecked. I also added a few different ports to try with TCP. I don't know why they are in a different place but this is where I found the TCP Settings: Configuration | System | Tunneling Protocols | IPSec | NAT Transparency.
I will try to connect with the two new TCP ports that I set-up and then I will try to connect over UDP now that the checkbox is selected.  I will be trying it this afternoon.
Thanks,
Danny

 

by: accessint Posted on 2006-10-06 at 18:00:40 ID: 17680994

Hello,
I tried three different TCP ports, none of which worked. I then tried UDP. It was really strange. I was able to log in with the VPN Client, but then I still had no access to the remote network.
I tried uninstalling the VPN client and reinstalled it. It didn't work.
Then, just to see if it would work, I tried a wired connection to the Router. Sure enough, it worked. I tried two TCP connections and the UDP connection on the client, all of which worked wonderfully. However, as soon as I switched back to wireless it didn't work.
The other computer I have at home has a wired connection to the router and that is why the VPN works on that machine.
So now the question is, why does the wireless create problems with the VPN and how do I get the wireless to work?
Thanks for your help so far.  We are making progress.
Thanks,
Danny

 

by: accessint Posted on 2006-10-06 at 18:02:34 ID: 17681000

As an additional note:  The VPN connection does not work from college either where I am connected wirelessly.  For this reason, I don't think that it is a router setting.  

 

by: accessint Posted on 2006-10-06 at 18:35:18 ID: 17681064

I figured it out. For those that are getting this same problem: the key was that I am using a Dell Wireless 1390 WLAN Mini-card. After realizing that it must be the wireless card that was stopping the connection, I looked on Dell's site for new firmware. I had the most recent version. I then came across a knowledgebase article describing how this particular wireless card has problems with VPN client versions 4.6 or higher. It detailed a workaround that was simply disabling VLAN Priority Support on the network card. I tried this and everything worked as it should.
Here is the dell knowledgebase page: http://support.dell.com/support/topics/global.aspx/support/dsn/en/document?c=us&docid=152D7D67033477DFE0401E0A5517188F&journalid=BDF081B355A211DB97C60767E62D0E13&l=en&s=gen

The knowledgebase article was Journal: 06279SP2HZ and document number 300602 if the link ever gets broken.

 

by: accessint Posted on 2006-10-06 at 18:48:24 ID: 17681093

mmetrics,
I am new to the posting questions thing.
Even though you didn't end up answering the question, you did ask some questions that led me to the answer.
Is there a way to still award partial points to you?
Is there a way to mark my own comment as the answer?
Thanks,
Danny

 

by: mmetrics Posted on 2006-10-07 at 07:40:34 ID: 17682747

Hi Danny

Glad you found the answer - sometimes someone asking questions, even dumb ones :) is all it takes to set you on the track.

As for the points & accepted answer things, I don't know - we'll have to leave that to a moderator...

 

by: Netminder Posted on 2006-10-12 at 12:14:57 ID: 17718434

Closed, 500 points refunded.
Netminder
Site Admin
