Cisco VPN Client and MS Proxy 2

Posted on 2003-02-21
Medium Priority
Last Modified: 2013-11-16
I cannot make a Cisco VPN Client connection through an MS Proxy 2 on an XP machine. I can use a separate Dial-up connection and use the VPN fine. Is there a way to make IPsec connections through an MS Proxy 2 using a Cisco VPN Client? If so, what do I have to do to the MS Proxy 2 to allow a VPN conection?
Question by:mflowers
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 8009353
Are you dialing into the MS Proxy machine or dialing Out from that proxy?  

Why are you using the Cisco VPN client?

When you say you can use a separate dial up connection and get it to work fine...do you mean this problematic connection is a broadband connection?

More info please.  :)

Author Comment

ID: 8017729
We have a Cisco VPN 3000 Concentrator with VPN Client Release 3.5 and one of our subs has an internet connection with a Microsoft proxy 2. I believe it is DSL. They also have another connection they can use via dial-up which works with the Cisco VPN client (3.6.2). They are trying to connect to us but their MS Proxy 2 doesn't allow the return packets, as it gives this error: "VPNStart callback failed "CM_IKE_ESTABLISH_FAIL".
I found this disturbing bit of info on the Cisco site

> Note: IPSec over TCP does not work with proxy-based firewalls.

I guess it may not be possible. As they say, "you can't get there from here."

Expert Comment

ID: 8017835
well...you may be right, it might NOT be possible.

BUT...one thing I always do, if I have the extra time to test things...is open ALL connections...or creaet a filter on Proxy that allows ALL communication in and out.  I then test my troublesome connection this way.  If it works...I know then it's just a matter of locking down ports one at a time or deducing that way.

I'm wondering if they reconfigure proxy to allow all communications in...if that VPN connection would work or not?
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

LVL 79

Expert Comment

ID: 8112676
No comment has been added lately (14 days), so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area for this question:


Please leave any comments here within 7 days.



EE Cleanup Volunteer
If you feel that your question was not properly addressed, or that none of the comments received were appropriate answers, please post a request in Community support (with a link to this page) to refund your points. http://www.experts-exchange.com/Community_Support/


Author Comment

ID: 8161462
Ok. Clean it away. We ended up not using the Cisco client since it was causing us so much grief. According to Cisco, it isn't able to go through an MS Proxy 2, and our networking guys came up with an HTTPS that is just as secure (as far as the corporate guys know). Thanks for the replies.

Accepted Solution

modulo earned 0 total points
ID: 8184759
Finalized as proposed


Community Support Moderator
Experts Exchange

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question