
VPN and Windows XP

The ‘Cisco Systems VPN Client’ is Virtual Private Network (VPN) software for use by Aston University staff and students when connecting to the University network from any other ISP (Internet Service Provider). This software is installed on client workstations and communicates with a VPN server located on the Aston Campus.

With the release of Windows XP Service Pack 2 (SP2) in August 2004, a built-in Firewall was included. Note: a Firewall may be either a program or a hardware device that 'filters' information coming into your computer or office network. If an incoming packet of information is flagged by the Firewall's filters, it is not allowed through.

The default configuration of the Windows Firewall control panel in Windows XP SP2 may prevent the Cisco VPN client software from communicating successfully with the VPN server, because the packets it needs cannot be exchanged. To connect successfully with the Cisco VPN Client, you have the following three options. Apply these workarounds in order, and stop as soon as you are able to connect with the Cisco VPN client.

Option 1 – Open UDP Port 62515

Click Start, and then click Control Panel.

  1. Double-click Windows Firewall (or click Security Center and then Windows Firewall).
  2. In the Windows Firewall control panel, click the Exceptions tab.
  3. Click Add Port.
  4. In the Name field, type UDP 62515.
  5. In the Port number field, type 62515.
  6. Click the UDP radio button.
  7. Click OK to add the port. It should appear in the list of Programs and Services. It should be checked.
  8. Click OK to close the Windows Firewall control panel.
  9. Attempt to connect with the Cisco VPN Client. If successful, you are finished.

 

Option 2 - Open TCP Port 10000 and UDP 4500

NOTE: These steps 'open' two more ports for the VPN client to pass through.

Click Start, and then click Control Panel.

  1. Double-click Windows Firewall (or click Security Center and then Windows Firewall).
  2. In the Windows Firewall control panel, click the Exceptions tab.
  3. Click Add Port.
  4. In the Name field, type TCP Port 10000.
  5. In the Port number field, type 10000.
  6. The TCP radio button should already be selected.
  7. Click OK to add the port. It should appear in the list of Programs and Services. It should be checked.
  8. Click Add Port.
  9. In the Name field, type UDP 4500.
  10. In the Port number field, type 4500.
  11. Click the UDP radio button.
  12. Click OK to add the port. It should appear in the list of Programs and Services. It should be checked.
  13. Click OK to close the Windows Firewall control panel.
  14. Attempt to connect with the Cisco VPN Client. If successful, you are finished.

 

NOTE: If you are still unable to connect, you may leave the three ports that you have 'opened' in the Windows Firewall control panel as they are. To turn them off, reopen the Windows Firewall control panel and, on the Exceptions tab, either uncheck the port or highlight the port name and click Delete.
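The port exceptions from Options 1 and 2 can also be added, listed and removed from a command prompt with the netsh firewall commands included in Windows XP SP2. The script below is an added example, not part of the original instructions; the file name vpn-fw.cmd and its argument names (option1, option2, remove, show) are made up for illustration.

```batch
@echo off
rem vpn-fw.cmd (hypothetical name): command-line form of Options 1 and 2.
rem Usage: vpn-fw.cmd option1 ^| option2 ^| remove ^| show
rem Run from an administrator account on Windows XP SP2.

if /i "%~1"=="option1" goto option1
if /i "%~1"=="option2" goto option2
if /i "%~1"=="remove"  goto remove
if /i "%~1"=="show"    goto show
echo Usage: %~nx0 option1 ^| option2 ^| remove ^| show
exit /b 1

:option1
rem Option 1: one exception, named "UDP 62515", for UDP port 62515.
netsh firewall add portopening protocol=UDP port=62515 name="UDP 62515" mode=ENABLE
goto show

:option2
rem Option 2: two further exceptions, TCP port 10000 and UDP port 4500.
netsh firewall add portopening protocol=TCP port=10000 name="TCP Port 10000" mode=ENABLE
netsh firewall add portopening protocol=UDP port=4500 name="UDP 4500" mode=ENABLE
goto show

:remove
rem Delete all three exceptions again (same effect as Delete on the Exceptions tab).
netsh firewall delete portopening protocol=UDP port=62515
netsh firewall delete portopening protocol=TCP port=10000
netsh firewall delete portopening protocol=UDP port=4500
goto show

:show
rem List the port exceptions now in effect so the change can be checked.
netsh firewall show portopening
exit /b 0
```

Run it with option1 first and try the VPN client before running option2, following the same order as the steps above.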

Option 3 - Turn off the Windows XP SP2 Firewall

NOTE: If you are unable to connect with any of the above options, these steps will turn off the Windows Firewall. You will then be missing out on an important new addition to Windows XP, and incoming packets will no longer be filtered by it. You should, however, then be able to use the VPN Client software as you did prior to the installation of SP2.

  1. Click Start, and then click Control Panel.
  2. Double-click Windows Firewall (or click Security Center and then Windows Firewall).
  3. Click the Off (not recommended) radio button.
  4. Click OK to close the Windows Firewall control panel.
  5. Attempt to connect with the Cisco VPN Client.

 
