Cisco VPN Client connection issue
15 07 2008
Recently I was troubleshooting a Cisco VPN client issue. The Cisco VPN client was version 4.0.5, installed on a Windows XP SP2 client with all recent Windows security updates. After you install and configure the client, you may experience the same problem as I did when a GPO was configured to enable the Windows Firewall when not connected to the Active Directory domain.
VPN Client: Secure VPN Connection terminated locally by the Client. Reason 414: Failed to establish a TCP connection.
The “Enable transparent tunneling” option was enabled with IPSec over TCP port 10000 to the Cisco VPN concentrator. I changed it to IPSec over UDP and even disabled transparent tunneling, but still got the same result when connecting. I googled and found a KB article from Microsoft.
http://support.microsoft.com/kb/838207
Update to permit the Cisco VPN Client program to work in TCP transport mode in Windows XP SP2
After you install a pre-release version of Windows XP SP2, if you configure Cisco VPN Client version 4.0.3.D to use Internet Protocol security (IPSec) over TCP, you receive the following error message when you try to connect to a Cisco VPN concentrator:
Secure VPN Connection terminated locally by the Client. Reason 414: Failed to establish a TCP connection.
This problem occurs because the TCP/IP protocol is changed to drop any packets that are directed to the loopback IP address, but that arrive on an interface other than the loopback interface. Because the Cisco VPN client sends packets to the loopback IP address, but the packet comes from a physical interface, the packets are dropped.
I reviewed my Windows Firewall and it was enabled.
I stopped the Windows Firewall with “cmd /k sc stop sharedaccess” and then tried to reconnect. The connection worked without any message and I had a connection to my office network. After reading the KB article and stopping the firewall, I realized we had forgotten to add the Cisco VPN client exception in the Active Directory GPO.
