Cisco VPN Client and MS Proxy 2

I cannot make a Cisco VPN Client connection through an MS Proxy 2 on an XP machine. I can use a separate Dial-up connection and use the VPN fine. Is there a way to make IPsec connections through an MS Proxy 2 using a Cisco VPN Client? If so, what do I have to do to the MS Proxy 2 to allow a VPN conection?
mflowersAsked:
Who is Participating?
 
moduloConnect With a Mentor Commented:
Finalized as proposed

modulo

Community Support Moderator
Experts Exchange
0
 
nouelletteCommented:
Are you dialing into the MS Proxy machine or dialing Out from that proxy?  

Why are you using the Cisco VPN client?

When you say you can use a separate dial up connection and get it to work fine...do you mean this problematic connection is a broadband connection?

More info please.  :)
0
 
mflowersAuthor Commented:
We have a Cisco VPN 3000 Concentrator with VPN Client Release 3.5 and one of our subs has an internet connection with a Microsoft proxy 2. I believe it is DSL. They also have another connection they can use via dial-up which works with the Cisco VPN client (3.6.2). They are trying to connect to us but their MS Proxy 2 doesn't allow the return packets, as it gives this error: "VPNStart callback failed "CM_IKE_ESTABLISH_FAIL".
I found this disturbing bit of info on the Cisco site
http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2284/products_configuration_example09186a00800946bc.shtml

> Note: IPSec over TCP does not work with proxy-based firewalls.

I guess it may not be possible. As they say, "you can't get there from here."
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
nouelletteCommented:
well...you may be right, it might NOT be possible.

BUT...one thing I always do, if I have the extra time to test things...is open ALL connections...or creaet a filter on Proxy that allows ALL communication in and out.  I then test my troublesome connection this way.  If it works...I know then it's just a matter of locking down ports one at a time or deducing that way.

I'm wondering if they reconfigure proxy to allow all communications in...if that VPN connection would work or not?
0
 
lrmooreCommented:
mflowers
No comment has been added lately (14 days), so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area for this question:

RECOMMENDATION: PAQ question

Please leave any comments here within 7 days.


PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

Thanks,

lrmoore
EE Cleanup Volunteer
---------------------
If you feel that your question was not properly addressed, or that none of the comments received were appropriate answers, please post a request in Community support (with a link to this page) to refund your points. http://www.experts-exchange.com/Community_Support/

0
 
mflowersAuthor Commented:
Ok. Clean it away. We ended up not using the Cisco client since it was causing us so much grief. According to Cisco, it isn't able to go through an MS Proxy 2, and our networking guys came up with an HTTPS that is just as secure (as far as the corporate guys know). Thanks for the replies.
0
All Courses

From novice to tech pro — start learning today.