July 6, 2008 03:09am pdt

1. RobWill 269,328
2. batry_boy 232,484
3. lrmoore 113,038
4. arnold 107,903
5. mwecompu... 64,924
6. dpk_wal 52,425
7. mkielar 41,600
8. ebjers 39,050
9. MrHusy 38,470
10. Cyclops3590 32,200
11. Voltz-dk 28,470
12. TechSoEasy 28,114
13. trinak96 26,165
14. keith_al... 21,046
15. stuknhawaii 20,075

1. RobWill 1,422,221
2. lrmoore 913,781
3. batry_boy 407,194
4. grblades 214,434
5. rsivanandan 145,141
6. calvinetter 112,055
7. arnold 109,903
8. dpk_wal 105,425
9. TechSoEasy 101,193
10. mwecompu... 82,724
11. tim_holman 75,964
12. keith_al... 75,885
13. MrHusy 71,744
14. ewtaylor 68,324
15. Cyclops3590 68,145

10.06.2006 at 07:19AM PDT, ID: 22015490

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

6.2

Cisco VPN Client Connection to Concentrator-Reason 414:Failed to Establish a TCP connections

Zone: Virtual Private Networking (VPN)

Tags: vpn, 414, connection, cisco, establish

Hello,
I have been connecting to a VPN concentrator for the past two years with my old pc. I received a new Dell D820 and have only had it successfully connect once. When I try to connect, after a few seconds I get the error, "Secure VPN Connection terminated locally by the Client. Reason 414: Failed to establish a TCP connection. Connection terminated on:..."
I am convinced that it is a problem with my computer because many other employees are able to connect just fine, including another computer that I have at home that is behind the same linksys router.
Detailed Troubleshooting Info:
I have tried reinstalling the VPN Client about 5 times. 4 Times with an older version of the client and the last time with the most recent version that I could find on the cisco website(Version 4.8.01.0300).
I found alot on the internet about the VPN Client needing certain ports open on the personal computers firewall....So, I tried opening those ports to no avail. I am running windows XP SP2 and I even turned of the built-in firewall completely to see if that would make a difference. I also tried setting the mtu to 576 and 1300 incase there were problems with that. I have included the VPN Client log below and am willing to lookup any further information that you may need to answer this question. In the logs, I have changed the DNS of the VPN concentrator to vpn.mydomain.com and have changed the IP of the concentrator to <ip of concentrator>. By the way,I am connecting to the VPN server through TCP on port 80.
Thanks,
Danny

Cisco Systems VPN Client Version 4.8.01.0300
Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 2

1 08:01:12.718 10/06/06 Sev=Info/4      CM/0x63100002
Begin connection process

2 08:01:12.734 10/06/06 Sev=Info/4      CM/0x63100004
Establish secure connection using Ethernet

3 08:01:12.734 10/06/06 Sev=Info/4      CM/0x63100024
Attempt connection with server "vpn.mydomain.com"

4 08:01:12.750 10/06/06 Sev=Info/6      CM/0x6310002F
Allocated local TCP port 1068 for TCP connection.

5 08:01:13.031 10/06/06 Sev=Info/4      IPSEC/0x63700008
IPSec driver successfully started

6 08:01:13.031 10/06/06 Sev=Info/4      IPSEC/0x63700014
Deleted all keys

7 08:01:13.031 10/06/06 Sev=Info/6      IPSEC/0x6370002C
Sent 4 packets, 0 were fragmented.

8 08:01:13.031 10/06/06 Sev=Info/6      IPSEC/0x63700020
TCP SYN sent to <ip of concentrator>, src port 1068, dst port 80

9 08:01:18.031 10/06/06 Sev=Info/6      IPSEC/0x63700020
TCP SYN sent to <ip of concentrator>, src port 1068, dst port 80

10 08:01:23.531 10/06/06 Sev=Info/6      IPSEC/0x63700020
TCP SYN sent to <ip of concentrator>, src port 1068, dst port 80

11 08:01:28.531 10/06/06 Sev=Info/6      IPSEC/0x63700020
TCP SYN sent to <ip of concentrator>, src port 1068, dst port 80

12 08:01:33.031 10/06/06 Sev=Info/4      CM/0x6310002A
Unable to establish TCP connection on port 80 with server "vpn.mydomain.com"

13 08:01:33.031 10/06/06 Sev=Info/5      CM/0x63100025
Initializing CVPNDrv

14 08:01:33.031 10/06/06 Sev=Info/4      CM/0x6310002D
Resetting TCP connection on port 80

15 08:01:33.031 10/06/06 Sev=Info/6      CM/0x63100030
Removed local TCP port 1068 for TCP connection.

16 08:01:33.031 10/06/06 Sev=Info/6      CM/0x63100046
Set tunnel established flag in registry to 0.

17 08:01:33.531 10/06/06 Sev=Info/6      IPSEC/0x63700023
TCP RST sent to <ip of concentrator>, src port 1068, dst port 80

18 08:01:33.531 10/06/06 Sev=Info/4      IPSEC/0x63700014
Deleted all keys

19 08:01:33.531 10/06/06 Sev=Info/4      IPSEC/0x63700014
Deleted all keys

20 08:01:33.531 10/06/06 Sev=Info/4      IPSEC/0x6370000A
IPSec driver successfully stopped

Start your free trial to view this solution

Question Stats

Zone: Networking

Question Asked By: accessint

Solution Provided By: Netminder

Participating Experts: 2

Solution Grade: B

Translate:

Loading Advertisement...

Microsoft

Internet Protocols
Applications

Development
OS

Hardware
Windows Security

Apple

Operating Systems
Hardware

Programming
Networking

Software

Internet

Search Engines
File Sharing
WebTrends / Stats
Spy / Ad Blockers

Web Browsers
New Net Users
Web Development
Chat / IM

Anti Spam
Web Servers
Anti-Virus
Email Clients

Gamers

Tips
Online / MMORPG
Puzzle
Emulators

Action / Adventure
Role Playing
Consoles
Game Programming

Strategy
Sports
Misc
Computer Games

Digital Living

Hardware
New Net Users
New Users

Software
Digital Music
Gaming World

Home Security
Apple
Networking Hardware

Virus & Spyware

Vulnerabilities
IDS
Encryption
Anti-Virus

Operating Systems Security
Software Firewalls
WebApplications
Cell Phones

Operating Systems
Internet
Hardware Firewalls

Hardware

Handhelds / PDAs
Displays / Monitors
Components
Networking Hardware

Peripherals
Laptops/Notebooks
Storage
Servers

Desktops
New Users
Misc
Apple

Software

System Utilities
Industry Specific
Network Management
Photos / Graphics
Page Layout
VMWare
Misc
Web Development

OS
CYGWIN
Voice Recognition
Message Queue
Quality Assurance
Security
Firewalls
MultiMedia Applications

Development
Database
Office / Productivity
Business Management
OS/2 Apps
Server Software
Internet / Email

ITPro

OS
Storage
Encryption
Operating Systems Security
Apple Hardware
Laptops & Notebooks
Servers
Networking Hardware
Peripherals

Devices
Displays / Monitors
WebTrends / Stats
Search Engines
Firewalls
WebApplications
IDS
Vulnerabilities
Email Clients

File Sharing
Spy / Ad Blockers
Web Browsers
Web Servers
Networking
Anti-Virus
Chat / IM
Anti Spam

Developer

Web Servers
Web Browsers
Game Programming
Dev Tools
Industry Specific
Office / Productivity

Database
CYGWIN
Web Development
Search Engines
File Sharing
WebTrends / Stats

Programming
Content Management
Application Servers
Protocols

Storage

Removable Backup Media
Storage Technology
Servers

Grid
Remote Access
Backup / Restore

Misc
Hard Drives

Miscellaneous
Security
Development
Linux
VMWare

MainFrame OS
Unix
Apple
OS / 2
AS / 400

BeOS
Microsoft
VMS / OpenVMS

Database

Oracle
Miscellaneous
MySQL
Software
Sybase
Contact Management
PostgreSQL
Data Manipulation
Clarion
InterSystems Cache

Siebel
MUMPS
OLAP
SQLBase
SAS
GIS & GPS
4GL
Berkeley DB
DB2
Informix

Interbase / Firebird
FoxPro
Reporting
LDAP
Filemaker Pro
MS SQL Server
dBase
MS Access

Security

Misc
Web Browsers
Software Firewalls
Operating Systems Security
File Sharing

Spy / Ad Blockers
Vulnerabilities
WebApplications
IDS
Anti-Virus

Encryption
Anti Spam
Email Clients
VPN
Chat / IM

Programming

Editors IDEs
Installation
Handhelds / PDAs
Multimedia Programming
System / Kernel

Algorithms
Game
Signal Processing
Project Management
Open Source

Database
Misc
Languages
Processor Platforms
Theory

Web Development

Scripting
Blogs
Web Servers
Software
Search Engines
Web Graphics
Images

Internet Marketing
Images and Photos
Components
Document Imaging
Web Languages/Standards
Illustration
WebApplications

Fonts
WebTrends / Stats
Authoring
Digital Camera Software
Miscellaneous

Networking

Protocols
Apple Networking
Network Management
Message Queue
Application Servers
Content Management
File Servers
Email Servers
Misc
Java Editors & IDEs

Wireless
Networking Hardware
Backup / Restore
System Utilities
ISPs & Hosting
Web Servers
Storage Technology
Removable Backup Media
Servers
Broadband

Grid
OS / 2
Novell Netware
Unix Networking
Windows Networking
Security
Telecommunications
Operating Systems
Linux Networking

Other

Community Advisor
Lounge
Community Support
New Net Users

Philosophy / Religion
Math / Science
Miscellaneous
URLs

Expert Lounge
Politics
Puzzles / Riddles

Community Support

Suggestions
New to EE
New Topics
Community Advisor

CleanUp
Announcements
General

Feedback
Input
EE Bugs

10.06.2006 at 08:17AM PDT, ID: 17677120

mmetrics:

Hi

1) Does the new PC have WiF & are you using that to connect? If so, has it connected to your router? Even if you aren' using it intentionally, has it managed to get a WiFi connection to somewhere?

2) Do you have any other security product on the new PC. Some AV products also have some firewall functionality.

3) Is there Web acceleration software on the machine? If so, I'd guess it'd interfere with your use of TCP port 80.

4) Can you try it on another port, or even on UDP? You should not have to configure anything on the router to allow that to work as the client is using transparent tunnelling.

5) I can't check at this point but IIRC, not all versions of the Cisco VPN client will work with all concentrators (I'm not entirely sure about this& will check). Which concentrator are you using?

10.06.2006 at 08:42AM PDT, ID: 17677332

accessint:

Hi

1) Does the new PC have WiF & are you using that to connect? If so, has it connected to your router? Even if you aren' using it intentionally, has it managed to get a WiFi connection to somewhere?
Yes it does have WiFi and I am using that to connect. My wireless access point at home that I am trying to connect through is also my router which is a Linksys WRT54G. The last question of " Even if you aren' using it intentionally, has it managed to get a WiFi connection to somewhere?" please clarify.

2) Do you have any other security product on the new PC. Some AV products also have some firewall functionality.
I am not running any security products besides the windows firewall and Antivir antivirus. I opened Antivir and found no reference to any firewalling functionality in the program itself.

3) Is there Web acceleration software on the machine? If so, I'd guess it'd interfere with your use of TCP port 80.
Nope.

4) Can you try it on another port, or even on UDP? You should not have to configure anything on the router to allow that to work as the client is using transparent tunnelling.
I can change that on the client easily. However, how hard is that to change on the concentrator. I manage the concentrator as best I can but know little about it. How do you set up udp or different ports for tcp?

5) I can't check at this point but IIRC, not all versions of the Cisco VPN client will work with all concentrators (I'm not entirely sure about this& will check). Which concentrator are you using?
VPN Concentrator Type: 3005
Bootcode Rev: Cisco Systems, Inc./VPN 3000 Concentrator Series Version 2.5.Rel Jun 21 2000 18:57:52
Software Rev: Cisco Systems, Inc./VPN 3000 Concentrator Version 4.0.1.Rel May 06 2003 13:13:03

Thanks,
Danny

10.06.2006 at 09:30AM PDT, ID: 17677754

mmetrics:

Hi

Thanks for the concise, helpful answers.

>The last question of " Even if you aren' using it intentionally, has it managed to get a WiFi connection to somewhere?" please clarify.

I had meant: if you were using a cable to connect but WiFi present on the PC had managed to find an open connection. If that happens, you get two routes to the Internet & windows can get confused :) However, that bit is now irrelevant as you know where the WiFi is going & it's your router/AP.

The default setup for VPN client access on a 3000 is UDP (NAT/PAT) AFAIK. You can check what your VPN group is set to when logged on to the 3000: expand User Management, then Groups. Select the Group you are using for the VPN & clickon Modify. Click on the Client Config tab. make sure the IPSEC over UDP box is checked and that the port says 10000 (or something else if you have reason to change it - see the rules to the right of that screen). Click on Apply at the bottom of the page but don't save the changes until you see if they work! Make sure your client VPN config is set up to use IPSec over UDP.

I've just realised that the client & the 3000 don't match. In the client, you can select IPSecover UDP or TCP, & for the latter you can select a port. On the 3000 you can select IPSec over UDP as an option & a port. But not for TCP. Odd. I'll look into that later.

Obviously, if the changes work, you'll have to set up the other PC's VPN client to match.

10.06.2006 at 10:22AM PDT, ID: 17678418

accessint:

In my group configuration, even thought the UDP Port was set to 10000 the checkbox next to "IPSec over UDP" was unckecked. I also added a few different ports to try with TCP. I don't know why they are in a different place but this is where I found the TCP Settings: Configuration | System | Tunneling Protocols | IPSec | NAT Transparency.
I will try to connect with the two new TCP ports that I set-up and then I will try to connect over UDP now that the checkbox is selected. I will be trying it this afternoon.
Thanks,
Danny

10.06.2006 at 06:00PM PDT, ID: 17680994

accessint:

Hello,
I tried three different TCP ports, none of which worked. I then tried UDP. It was really strange. I was able to log in with the VPN Client, but then I still had no access to the remote network.
I tried uninstalling the VPN client and reinstalled it. It didn't work.
Then, just to see if it would work, I tried a wired connection to the Router. Sure enough, it worked. I tried two TCP connections and the UDP connection on the client all of which worked wonderfully. However, as soon as I switched back to wireless it didn't work.
The other computer I have at home is has a wire connection to the router and that is why the VPN works on that machine.
So now the question is, why does the wireless create problems with the VPN and how do I get the wireless to work.
Thanks for your help so far. We are making progress.
Thanks,
Danny

10.06.2006 at 06:02PM PDT, ID: 17681000

accessint:

As an additional note: The VPN connection does not work from college either where I am connected wirelessly. For this reason, I don't think that it is a router setting.

10.06.2006 at 06:35PM PDT, ID: 17681064

accessint:

I figured it out. For those that are getting this same problem: the key was that I am using a Dell Wireless 1390 WLAN Mini-card. After realizing that it must be the wireless cards that was stopping the connection. I looked on dells site for new firmware. I had the most recent version. I then came across a knowledgebase article describing how this particular wireless card has problems with VPN client versions 4.6 or higher. It detailed a workaround that was simply disableing VLAN Priority Support on the network card. I tried this and everything worked as it should.
Here is the dell knowledgebase page: http://support.dell.com/support/topics/global.aspx/support/dsn/en/document?c=us&docid=152D7D67033477DFE0401E0A5517188F&journalid=BDF081B355A211DB97C60767E62D0E13&l=en&s=gen

The knowledgebase article was Journal: 06279SP2HZ and document number 300602 if the link ever gets broken.

10.06.2006 at 06:48PM PDT, ID: 17681093

accessint:

mmetrics,
I am new to the posting questions thing.
Even though you didn't end up answering the question, you did ask some questions that lead me to the answer.
Is there a way to still award partial points to you?
Is there a way to mark my own comment as the answer?
Thanks,
Danny

10.07.2006 at 07:40AM PDT, ID: 17682747

mmetrics:

Hi Danny

Glad you found the answer - sometimes someone asking questions, even dumb ones :) is all it takes to set you on the track.

As for the points & accepted answer things, I don't know - we'll have to leave that to a moderator...

10.07.2006 at 06:19PM PDT, ID: 17684662

Netminder:

A request has been made to delete or close this question; if there are no objections within four days, the request will be granted.

EXPERTS: Please leave your thoughts on the disposition of this question here.

Recommendation: PAQ/refund

Netminder
Site Admin

10.12.2006 at 12:14PM PDT, ID: 17718434

Netminder:

Closed, 500 points refunded.
Netminder
Site Admin

Accepted Solution

20080236-EE-VQP-29