Networking & Telecommunications


If I am running a firewall what ports need to be opened to access the VPN server?

If your machine is behind a firewall or is running a personal firewall, the following need to be opened to the VPN server(s):

The Windows XP firewall prior to SP2 is not compatible with the VPN client and needs to be disabled for the VPN client to successfully connect.

If your firewall (or possibly a NAT box) cannot properly deal with IPSEC, you can configure your client to tunnel all IPSEC traffic over UDP port 10000 and simply open that port on your firewall. Do this from the Properties dialog, General tab: check the box next to "Enable Transparent Tunneling" and then select the radio button for "Allow IPSEC over UDP".

After I associate to the wireless network I cannot connect to vpn.wl.rpi.edu. What is wrong?

You may have your DNS servers hardcoded rather than using DHCP assigned DNS servers. The IP address of vpn.wl.rpi.edu when you are on the wireless network is 192.168.254.253. If you can ping the IP address then you have connectivity and you can connect by changing the host name in the VPN client to the IP address. You should change your configuration to use DHCP assigned DNS servers to avoid this problem.

I have a Linksys Wireless Access Point router; if I connect using a wired connection the VPN client works, but with a wireless connection it does not work. Why?

On the Linksys router there is a known problem with firmware version 1.42.7. If you downgrade to version 1.40.2 or upgrade to version 1.4.3 the VPN client over the wireless connection will work. Please consult your Linksys documentation and/or support for information about downgrading the firmware.

After installing the XP client, the XP Welcome Screen and multi-user features are disabled. How do I correct this?

The Cisco VPN client installs CSgina.dll to implement the Start Before Login feature. The CSgina.dll entry can be deleted from the registry to restore the Welcome Screen and Fast User Switching features. Using regedit.exe or regedt32.exe, go to the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Delete the value named GinaDLL. NOTE: the entire GinaDLL value must be deleted, not just the value data of "csgina.dll", or the features will not be restored. This does not uninstall the client, but it does disable the Start Before Login feature.
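
The registry change described above, as an added PowerShell example (not part of the original FAQ and not Cisco's own tooling): it reports the current GinaDLL value, leaves it alone unless it names csgina.dll, exports the Winlogon key as a backup, and then deletes the whole value rather than just its data. The -Remove switch, the backup file name and the script itself are assumptions of this example; run it from an elevated prompt.

```powershell
# Added example: inspect and, with -Remove, delete the Winlogon GinaDLL value.
param(
    [switch]$Remove,   # hypothetical switch: without it the script only reports
    # Hypothetical backup location; timestamped so an old backup is never overwritten.
    [string]$BackupPath = (Join-Path $env:TEMP ("winlogon-{0}.reg" -f (Get-Date -Format 'yyyyMMddHHmmss')))
)

$regKey = 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$psKey  = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
$name   = 'GinaDLL'

# A missing value produces no output here, so $prop stays $null.
$prop = Get-ItemProperty -Path $psKey -Name $name -ErrorAction SilentlyContinue
if ($null -eq $prop) {
    Write-Output "No $name value is present under Winlogon; nothing to do."
    return
}

$current = [string]$prop.$name
Write-Output "$name is currently set to '$current'."

# Only act on the entry the FAQ describes; any other GINA is left for manual review.
if ([System.IO.Path]::GetFileName($current) -ne 'csgina.dll') {
    Write-Warning "$name does not name csgina.dll; leaving it untouched."
    return
}

if (-not $Remove) {
    Write-Output "Report only. Re-run with -Remove to delete the $name value."
    return
}

# Export the key first so the change can be reverted by importing the .reg file.
& reg.exe export $regKey $BackupPath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup of $regKey failed; nothing was changed." }

# Delete the value itself, not just its data (see the NOTE above).
Remove-ItemProperty -Path $psKey -Name $name

# Confirm the value is really gone.
if (Get-ItemProperty -Path $psKey -Name $name -ErrorAction SilentlyContinue) {
    throw "$name is still present under Winlogon."
}
Write-Output "$name removed. Backup saved to $BackupPath."
```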

I authenticate to the VPN, but then I cannot get to anything.

This is a problem with either your host-based firewall or your local firewall dropping IPSEC traffic. See the instructions for which ports need to be opened.

Last updated: 03/06/06