Making Cisco VPN Client on Windows XP Work Behind a Router
I recently ran into this situation where I had to configure a Windows XP computer located on an internal network behind a Windows Server 2003 running Routing & Remote Access service to connect to a Cisco VPN. After installing the Cisco VPN on the client the computer was not able to establish a VPN connection from the internal network. However, outside the internal network the connection worked fine. The Windows Server 2003 was configured as a router and the Windows firewall was enabled. I noticed that the firewall was not configured to forward the port required to establish a Cisco VPN connection. I configured the proper port (TCP port 10,000) and the client was able to connect successfully.
I should point out that this scenario doesn’t apply to only the situation I just described, it also applies to situations where computers are located behind a DSL or cable modem and are trying to use Cisco VPN client for VPN connectivity. The following procedure describes configuration of Routing and Remote Access on Windows Server 2003 to add a custom port for Cisco VPN. You should check your router documentation for specific instructions on how to configure ports on the router.
1. Start Routing and Remote Access management console on your Windows Server 2003.
2. Select “NAT/Basic Firewall” under IP Routing.
3. In the details pane on the right-hand side, right-click the network interface that is connected to the Internet and select Properties.
4. Click on Services and Ports tab.
5. Click the Add button and type a description of service, such as Cisco VPN.
6. Make sure that TCP is the selected protocol and then type “10000″ without the quotes in the Incoming port and Outgoing port boxes.
7. In the “Private address” box type the IP address of your external interface that is used to connect to the Internet. Do not use the IP address shown in the sample graphic because it is used only for demonstration purposes.
8. Click OK twice to close all boxes and exit the management console.
Your users should be able to connect to the Cisco VPN now. There is no need to reboot the Windows Server 2003.
