Problem using Cisco VPN to connect through a WatchGuard firewall

Posted on 2007-10-12
Last Modified: 2013-11-16

Interesting little problem I am having with trying to use a Cisco VPN client to connect to a remote client through my WatchGuard X750e. Now, we have another client that we connect to the same way with the same basic configuration, and it works fine every time using the Cisco VPN client.

Any thoughts?
Question by: steadfaststeve

    Expert Comment

    You're probably going to need to allow GRE / AH or ESP through the WatchGuard - these are protocols often used by VPN clients.

    Think you need to allow protocol types 50/51 through (ESP/AH) and UDP 500 / UDP 1000 or 4500 - depending on your setup.
    There's lots of info on Google about this, but it's a bit all over the place. I am pretty sure that your problem is caused because the above protocols are not allowed through.
    I don't know a lot about WatchGuard, but in Policy Manager under VPN I think there is an option for IPsec passthru - that may help.
    I can post some links that may help if you like, but they're not exact solutions to your problem.


    Author Comment

    I have added a policy for the IPsec passthrough. I have also added a policy for IPsec for ports UDP 4500, ESP, AH, UDP 500. The Cisco client is not using port TCP 1000, I do not believe, but I still could add it to test it out.

    Accepted Solution

    Sorry, that's TCP 10000 - but I read that Cisco can be configured for any port, so you need to check the Cisco device to be sure.

    Have you tried allowing protocol 47 (GRE)? Some VPN clients use that one too. There should be default filters for IPsec (ESP / AH) and PPTP (GRE); try turning those on. Apparently there is an IPsec passthru tickbox under VPN - that should be checked as well.
    I don't have a WatchGuard and have never used one, so I'm not familiar with the interface. I would be fairly sure it's related to the above protocols, though.

    Author Comment

    I appreciate your help, I'll give that a try to see what I come out with.
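
The protocol list from this thread, turned into a check (an added example, not part of any poster's comment): it parses raw IPv4 headers from outbound client traffic, labels the protocols and destination ports the thread names, and reports what a capture contains that the allowed policy set lacks. The packets, addresses and helper names are constructed for illustration.

```python
import struct

# Traffic the thread names for a Cisco IPsec VPN client: bare IP protocols,
# plus (IP protocol, destination port) pairs for the UDP/TCP encapsulations.
IP_PROTOS = {47: "GRE", 50: "ESP", 51: "AH"}
PORTS = {(17, 500): "UDP 500", (17, 4500): "UDP 4500", (6, 10000): "TCP 10000"}

def classify(packet: bytes):
    """Return the VPN traffic label for a raw IPv4 packet, or None if unrelated."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes; IP options move the L4 header
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]
    if proto in IP_PROTOS:
        return IP_PROTOS[proto]
    if proto in (6, 17):
        # Only the first fragment carries the TCP/UDP ports.
        frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
        if frag_offset or len(packet) < ihl + 4:
            return None
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
        return PORTS.get((proto, dport))
    return None

def missing_from_policy(packets, allowed):
    """Labels seen in the capture that the firewall policy does not allow."""
    seen = {classify(p) for p in packets} - {None}
    return sorted(seen - set(allowed))

def ipv4(proto, payload=b"", options=b""):
    """Build a constructed IPv4 packet (documentation addresses, zero checksum)."""
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(payload),
                      0, 0, 64, proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1]))
    return hdr + options + payload

def l4(dport, sport=50000):
    """First 8 bytes of a TCP or UDP header; only the ports matter here."""
    return struct.pack("!HH", sport, dport) + b"\x00" * 4

# Constructed capture of outbound client traffic.
SAMPLE = [ipv4(17, l4(500)), ipv4(17, l4(4500)), ipv4(50, b"\x00" * 8),
          ipv4(6, l4(10000), options=b"\x01" * 4), ipv4(6, l4(443))]
# Policies the question's author says were added on the firewall.
AUTHOR_POLICY = {"UDP 4500", "ESP", "AH", "UDP 500"}

if __name__ == "__main__":
    print(missing_from_policy(SAMPLE, AUTHOR_POLICY))
```
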
