0

I have Windows Server 2003 installed on a VM and I'm trying to establish a VPN connection using version 5.0.05.0290 of the Cisco VPN Client. When I attempt to connect, I am booted out with a "Firewall policy mismatch" error.

From conversations I have had with co-workers, I am guessing that the Cisco client doesn't like the version of the Windows firewall that is packaged with 2K3. Is this actually the case? Is there another firewall product that I can install to get around this problem?

I know that Cisco doesn't officially support server operating systems when using the VPN client, but I have heard that others have been able to successfully use this client in this OS.

EDIT: In case anybody is curious, I have no trouble using this same client/profile in XP.

bhinks
  • How are you connecting to the VM? Through RDP or through a VM console type of session? I have experienced problems when trying to start a VPN connection from within an RDP session. This is a known Cisco issue. – Richard West Jul 07 '09 at 14:52
  • I'm running it from a console. – bhinks Jul 07 '09 at 14:54

2 Answers

0

Try disabling the Windows firewall and see if it works. That will help isolate the problem. If your computer is behind a router/hardware firewall then this might be an OK solution. If not, I would recommend getting a hardware firewall. If you want additional software protection, you could use IPSec in combination with IP filters to block traffic.

Adam Brand
  • I have tried disabling the Windows firewall and I have the same problem. I am behind a hardware firewall and I'm not really concerned about extra protection; I'm just trying to make the Cisco client happy since it appears to require some sort of software firewall to be running on my machine before it will allow me to establish a connection. – bhinks Jul 07 '09 at 14:49
0

Your Cisco VPN configuration requires an integrated firewall by policy; that's where the mismatch error is coming from. Problem is Server 2003 only has a very different firewall from 2003 and Cisco doesn't think it meets its requirements. You can have the firewall admin (if it's not you) disable the firewall policy requirement, or you can attempt to enable the built-in firewall through the Security Configuration Wizard in 2003, outlined here -> http://technet.microsoft.com/en-us/library/cc784874%28WS.10%29.aspx

Chances are, though, you'll need to have the firewall admin disable the firewall requirement on the VPN configuration from the VPN server, as the VPN client may not be able to detect the built-in 2003 server firewall.

drgncabe
  • The Cisco VPN does not require an integrated firewall to work correctly. It's totally dependent on what your firewall admin has set in his VPN policy. The VPN client doesn't really care one way or the other. – GregD Jul 07 '09 at 18:05
  • You are totally correct, the requirement is policy based and is not required by the software alone. Sorry I was unclear, yesterday was a loooong day. – drgncabe Jul 08 '09 at 14:05
  • Ha. No problems drgncabe. I totally know what long days feel like.. – GregD Jul 08 '09 at 14:24
  • Unfortunately I won't be able to have this policy changed by the VPN admin. Thanks for the help, though. – bhinks Jul 10 '09 at 15:07