Cisco VPN client software cannot establish a connection after you install Windows Live OneCare (913965)


The information in this article applies to:

  • Windows Live OneCare
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

SYMPTOMS

After you install Microsoft Windows Live OneCare, the Cisco virtual private network (VPN) client software cannot establish a connection with the VPN server.

CAUSE

To establish a connection, the Cisco VPN client software must have some specific ports open. By default, the Windows OneCare Firewall does not open these ports. Therefore, the Cisco VPN client software cannot successfully establish a VPN connection.

RESOLUTION

Important These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to, or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process.

To resolve this issue, open the ports in the Windows OneCare Firewall that the Cisco VPN client software requires, and then restart the Cisco VPN service. To do this, follow these steps:
  1. Open the ports that the Cisco VPN client software requires. To do this, follow these steps:
    1. On the left side of the Windows Live OneCare display, click View or change settings.
    2. Click the Firewall tab, and then click Advanced Settings.
    3. Click the Ports and Protocols tab, and then click to select the following check boxes:
      • Authentication Header (AH)
      • Encapsulating Security Payload (ESP)
      • General Routing Encapsulation (GRE)
    4. Click Add.
    5. In the Name box, type UDP62515.
    6. Under Protocol, click TCP or UDP.
    7. In the TCP or UDP list, click UDP.
    8. In both Port Range boxes, type 62515.
    9. In the Direction box, under Settings, click Both.
    10. Under Scope, click Local Network (Subnet), and then click OK.
    11. Repeat steps d through j to add the following ports:
      • Name: TCP10000
        Protocol: TCP
        Port Range: 10000 to 10000
        Direction: Both
        Scope: Local Network (Subnet)
      • Name: UDP4500
        Protocol: UDP
        Port Range: 4500 to 4500
        Direction: Both
        Scope: Local Network (Subnet)
      • Name: UDP500
        Protocol: UDP
        Port Range: 500 to 500
        Direction: Both
        Scope: Local Network (Subnet)
  2. Restart the Cisco VPN service. To do this, follow these steps:
    1. Click Start, click Run, type Services.msc, and then click OK.
    2. In the right pane, right-click Cisco Systems, Inc. VPN Service, and then click Restart.
    Try to connect by using the Cisco VPN client software. If the software still cannot establish a connection, download and install the latest update to the Cisco VPN client software.
Note When you have multiple computers that use Internet Connection Sharing, you may have to repeat these steps on each computer in the network. This includes the Internet Connection Sharing host computer.

MORE INFORMATION

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.
Modification Type:MajorLast Reviewed:10/9/2006
Keywords:kbtshoot kbprb KB913965 kbAudEndUser
©2004 Microsoft Corporation. All rights reserved.