VPN Frequently Asked Questions
If I'm running a firewall, what ports need to be opened to access the VPN server?
If your machine is behind a firewall or running a personal firewall, the following need to be opened to the VPN server(s):
- UDP port 500 for IPSEC Key Mgmt
- Protocol 50 for IPSEC Tunnel Encapsulation
The Windows XP firewall prior to SP2 is not compatible with the VPN client and needs to be disabled for the VPN client to successfully connect.
If your firewall (or possibly a NAT box) can not properly deal with IPSEC, you can configure your client to tunnel all IPSEC traffic over UDP port 10000 and simply open that port on your firewall. Do this from Properties, General tab. Click the box next to enable transparent tunneling and then click the radio button for allow IPSEC over UDP.
I have a Linksys Wireless Access Point router. The VPN client works if I connect using a wired connection, but it doesn't work with a wireless connection. Why?
On the Linksys router, there is a known problem with firmware version 1.42.7. If you downgrade to version 1.40.2 or upgrade to version 1.4.3, the VPN client over the wireless connection will work. Please consult your Linksys documentation and/or support for information about downgrading the firmware.
After installing the XP client, the XP welcome screen and multi-user features are disabled. How do I correct this?
The Cisco VPN client installs the CSgina.dll to implement the Start Before Login feature. The CSgina.dll entry can be deleted from the registry to restore the Welcome Screen and Fast user switching features. Using regedit.exe or regedt32.exe, go to registry key:
Delete the value named GinaDLL.
NOTE: You must delete the entire GinaDLL value, not just the value data of "csgina.dll," or the features will not be restored. Doing this does not uninstall the client, but does disable the start before login feature.
I authenticate to the VPN, but then I can't get to anything.
This is a problem with either your host-based firewall or your local firewall dropping IPSEC traffic. Please refer to the first question at the top of this page ("If I'm running a firewall....") for instructions on which ports need to be opened.