Good day all,
I have a bit of a crisis this morning and I'm hoping someone has some advice. We had several VPN clients go down this morning as their IT group replaced the firewall with a new Cisco ASA 5520 unit. The new firewall appears to be killing the OpenVPN connection "handshake" in the middle somewhere. Just so you know, we run OpenVPN 2.0.9 and use TCP as the connection method. This has worked at many other sites with several different firewalls.
According to their IT group, it looks like the Cisco firewall is blocking a packet coming back to them at port 2000/tcp. However, as we all know, the connections are started from the client side, so this just doesn't make sense.
Here is my config on the client end:
client
client
dev tun
proto tcp
remote xx.xx.xx.xx 2000
float
resolv-retry infinite
# port: sets the port for both local and remote, so the client also binds local port 2000
port 2000
persist-key
persist-tun
mute-replay-warnings
ca ca.crt
# ns-cert-type server: require the server cert to carry the nsCertType=server extension
ns-cert-type server
comp-lzo
verb 3
mute 20
route-delay 5

By the way, I tried switching to "proto udp" and the connection does work. However, I'd rather not run a separate UDP service for this one site, as it would actually be a big pain to reconfigure everything else that would go along with switching them. It's a long story.... I just would like to know if there's any way to get this old connection back up and running.
Thanks!
Jeff
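Editor's added example, not part of Jeff's post: the posted client config contains `port 2000`, which in OpenVPN sets the local port as well as the remote one, so the client's TCP session is sourced from port 2000 and the server's replies are addressed to 2000/tcp on the client side. That matches what the site's IT group reported seeing blocked. A Cisco ASA's default global inspection policy treats TCP port 2000 as SCCP (Skinny) and drops streams on that port that are not valid SCCP, which is one cause worth ruling out before changing protocols. The config below is an assumed variant of the posted one, not something the poster tried: it keeps the remote port at 2000 and replaces `port 2000` with `nobind` so the client uses an ephemeral source port instead. It assumes the server still listens on xx.xx.xx.xx:2000/tcp; confirm on the client with a packet capture that the source port is no longer 2000, and ask the ASA admin whether `inspect skinny` is present in the global policy.

```conf
# Added example: client config derived from the posted one.
# Assumption: the server still listens on xx.xx.xx.xx:2000/tcp.
# Only the local-port handling changes; everything else is as posted.
client
dev tun
proto tcp
remote xx.xx.xx.xx 2000
# 'port 2000' removed: on a client it also pins the local source port to 2000,
# which is what makes the server's replies arrive at 2000/tcp on the client side.
# 'nobind' lets the OS pick an ephemeral source port instead.
nobind
float
resolv-retry infinite
persist-key
persist-tun
mute-replay-warnings
ca ca.crt
ns-cert-type server
comp-lzo
verb 3
mute 20
route-delay 5
```

If the ASA admin confirms SCCP inspection on tcp/2000 is the culprit, the alternatives are either this client-side change (ephemeral source port) or moving the server's listening port off 2000; the latter is the broader reconfiguration the post says is undesirable, so the client-side change is the smaller experiment to try first.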