Using Cisco VPN Client 4.0.3 (D) with Windows XP Service Pack 2
 
 

The "Cisco Systems VPN Client" is Virtual Private Network (VPN) software for use by Penn State faculty, staff and students when connecting to a Penn State network from any other ISP (Internet Service Provider).

IPSec or IP Security Protocol provides data confidentiality and authentication between computers during a VPN connection. In November 2003, Information Technology Services (ITS) at Penn State re-configured their VPN Concentrator to allow IPSec over TCP. ICT then recommended that County Extension office staff use IPSec over TCP. This option appeared to allow you to stay connected longer than the IPSec over UDP choice.

With the release of Windows XP Service Pack 2 (SP2) in August 2004, a built-in Firewall was included. Note: a Firewall may be either a program or a hardware device that 'filters' information coming into your computer or office network. If an incoming packet of information is flagged by the Firewall's filters, it is not allowed through.

The default configuration of the Windows Firewall control panel in Windows XP SP2 prevents the Cisco VPN client software from communicating successfully with the VPN server if you are using the IPSec over TCP choice, because the needed packets can't be exchanged. To connect successfully with the Cisco VPN Client version 4.0.3 (D), try the following four options in order. As soon as you are able to connect with the Cisco VPN client, you may stop.


Option 1 - Open UDP Port 62515

  1. Click Start, and then click Control Panel.
  2. Double-click Windows Firewall (or click Security Center and then Windows Firewall).
  3. In the Windows Firewall control panel, click the Exceptions tab.
  4. Click Add Port.
  5. In the Name field, type VPN_UDP_62515.
  6. In the Port number field, type 62515.
  7. Click the UDP radio button.
  8. Click OK to add the port. It should appear in the list of Programs and Services. It should be checked.
  9. Click OK to close the Windows Firewall control panel.
  10. Attempt to connect with the Cisco VPN Client. If successful, you are finished.

Option 2 - Open TCP Port 10000 and UDP 4500

NOTE: These steps 'open' two more ports for the VPN client to pass through.

  1. Click Start, and then click Control Panel.
  2. Double-click Windows Firewall (or click Security Center and then Windows Firewall).
  3. In the Windows Firewall control panel, click the Exceptions tab.
  4. Click Add Port.
  5. In the Name field, type VPN_TCP_10000.
  6. In the Port number field, type 10000.
  7. The TCP radio button should already be selected.
  8. Click OK to add the port. It should appear in the list of Programs and Services. It should be checked.
  9. Click Add Port.
  10. In the Name field, type VPN_UDP_4500.
  11. In the Port number field, type 4500.
  12. Click the UDP radio button.
  13. Click OK to add the port. It should appear in the list of Programs and Services. It should be checked.
  14. Click OK to close the Windows Firewall control panel.
  15. Attempt to connect with the Cisco VPN Client. If successful, you are finished.

NOTE: If you are still unable to connect, you may leave the three ports that you've 'opened' in the Windows Firewall control panel. To turn them off, reopen the Windows Firewall control panel and either uncheck the port or highlight the port name and click Delete.
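
The port exceptions from Options 1 and 2 can also be added, listed and removed from a command prompt with the `netsh firewall` context that ships with Windows XP SP2. The script below is an added example, not part of the original Penn State instructions; the script name `vpnports.cmd` and its argument names are assumptions, and it must be run from an administrator account.

```batch
@echo off
rem Added example: command-line equivalent of Options 1 and 2 (Windows XP SP2).
rem Usage (hypothetical script name): vpnports.cmd option1 ^| option2 ^| remove ^| show
setlocal

rem protocol:port:name triples, taken from the steps in Options 1 and 2.
set "OPT1=UDP:62515:VPN_UDP_62515"
set "OPT2=TCP:10000:VPN_TCP_10000 UDP:4500:VPN_UDP_4500"

set "ACTION="
if /i "%~1"=="option1" (set "ACTION=add"    & set "RULES=%OPT1%")
if /i "%~1"=="option2" (set "ACTION=add"    & set "RULES=%OPT2%")
if /i "%~1"=="remove"  (set "ACTION=delete" & set "RULES=%OPT1% %OPT2%")
if /i "%~1"=="show" goto :show

if not defined ACTION (
  echo Usage: %~nx0 option1 ^| option2 ^| remove ^| show
  exit /b 1
)

rem Apply the chosen action to each protocol:port:name triple.
rem The exceptions are added with the default scope (any computer), which is
rem what the Add Port dialog uses unless Change scope is clicked.
for %%R in (%RULES%) do (
  for /f "tokens=1-3 delims=:" %%A in ("%%R") do (
    if "%ACTION%"=="add" (
      netsh firewall add portopening protocol=%%A port=%%B name=%%C mode=ENABLE
    ) else (
      netsh firewall delete portopening protocol=%%A port=%%B
    )
  )
)

:show
rem List the port exceptions currently configured so the result can be checked.
netsh firewall show portopening
exit /b 0
```

Running `vpnports.cmd remove` once a working option has been found deletes all three exceptions, so any that turned out not to be needed can then be left out when the working one is re-added.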


Option 3 - Switch to IPSec over UDP (NAT/PAT)

NOTE: If you are unable to connect with the IPSec over TCP option, these steps will change your VPN Client software to the IPSec over UDP (NAT/PAT) choice.

  1. Open the VPN dialer by double-clicking on the desktop shortcut (if you have one); or, click the Start menu, then All Programs, Cisco Systems VPN Client, and VPN Dialer.
  2. When the Cisco Systems VPN Client window opens, click the Options drop-down list button and select Properties.
  3. Click the IPSec over UDP (NAT/PAT) radio button.
  4. Click OK.
  5. Attempt to connect with the Cisco VPN Client. If successful, you are finished.

Option 4 - Turn off the Windows XP SP2 Firewall

NOTE: If you are unable to connect with any of the above options, these steps will turn off the Windows Firewall. You will then be missing out on an important new addition to Windows XP. However, you should then be able to use the VPN Client software as you did prior to the installation of SP2.

  1. Click Start, and then click Control Panel.
  2. Double-click Windows Firewall (or click Security Center and then Windows Firewall).
  3. Click the Off (not recommended) radio button.
  4. Click OK to close the Windows Firewall control panel.
  5. Attempt to connect with the Cisco VPN Client.



©College of Agricultural Sciences
This publication is available in alternative media on request.
Penn State is an Affirmative Action, Equal Opportunity University.
Please e-mail us with your questions, comments or suggestions at AgCompSupport@psu.edu
 
How To Use Cisco VPN Client 4.0.3 (D) with Windows XP Service Pack 2
8/27/2004
vcv
updated 12-22-04 [vcv]
 
