Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Port 10000 problem

Posted on 2004-10-12
13
Medium Priority
?
1,044 Views
Last Modified: 2008-01-09
Hi all.

I'm using the Cisco VPN client.  When I VPN into the network, I need to connect to an application that is running on port 10000 on a host.

I can browse the host's drives, ping it, etc.  I can do everything fine except connect to the application (it's MAS200), which is running on port 10000.  The host and application is up and running as users in the LAN are able to connect.

The firewall is a Cisco PIX 501.  Is there anything special I have to do to disable some kind of port conflict on port 10000 between the PIX and the VPN client?
0
Comment
Question by:surbit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
13 Comments
 

Author Comment

by:surbit
ID: 12291647
Oh, one more interesting thing.  I can telnet into the host by the IP address on port 10000.  But when I try to telnet into the host via the computer name, it doesn't work.  Yet I can ping the host by the computer name.

So if I telnet 192.168.1.5 10000, it works.

I can ping host_a and it resolves to 192.168.1.5.

I cannot do this:  telnet host_a 10000.  I do have a WINS server enable for the VPN client.



0
 

Author Comment

by:surbit
ID: 12291943
No, the above comment is incorrect.

When I ping host_a, it resolves to 192.168.1.10, which is the wrong host.  In fact, whatever I ping, it resolves to the same 192.168.1.10 address.  I can even ping a non-existent host such as adfasfasdfasfsafas and it will resolve to 192.168.1.10.  I think this is the problem.  Any solution?  Thanks.
0
 
LVL 15

Accepted Solution

by:
Frabble earned 1000 total points
ID: 12292235
I guess you're also using DNS to resolve names.
Is there a host entry for host_a in your default DNS domain? Given that non existent hosts resolve, I suspect that there is a wildcard address entry (*) pointing to 192.168.1.10 and presenting you with this problem.
0
Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf

 

Author Comment

by:surbit
ID: 12293215
But the LAN users are using the same DNS server and they can resolve all the names properely.
0
 

Expert Comment

by:gunite
ID: 12294155
Just permit UDP port 62515 from any host.
This traffic/ports will never be seen with a packet sniffer because this is local to the PC, communication to loopback address (stuff that occur between the VPN softwares different parts)
0
 
LVL 10

Expert Comment

by:ngravatt
ID: 12299505
flush your dns.  

open a command prompt, type ipconfig /flushdns

your VPN client uses port 10000, to make connections to the VPN concentrator.
0
 

Expert Comment

by:gunite
ID: 12299549
Actually there are a wide range of ports that are used internally when the VPN client initializes. I had to enable the setting that allows UDP port  62515 to receive traffic from any host to get my VPN working through my XP Firewall. Without that the client will die without even trying to get out of the machine.
0
 
LVL 10

Expert Comment

by:ngravatt
ID: 12299605
yeah, with SP2 for XP, you can add a entries to the windows firewall that will enable the cisco VPN clinets to work.  Here are the only ports that we added.

TCP Port 10000
UDP 4500
UDP 62515

this has worked on many computers.
0
 

Author Comment

by:surbit
ID: 12301960
There is no Windows Firewall on the workstation.  Do I need to permit ports on the PIX side?  If so, what are the commands?  Thanks for the inputs thus far.
0
 
LVL 10

Assisted Solution

by:ngravatt
ngravatt earned 1000 total points
ID: 12302165
All you need to do is add a rule to the firewall that allows VPN users (whatever thier IP address range is) to have access to MAS200 on port 10000.

There will be no port confict.  The VPN user establishes a connection to the VPN concentrator using a random port as the source.  
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question