3/19/2008 -- I have a Windows XP laptop located on an internal network behind a Windows Server 2003 running Routing and Remote Access service that needs to connect to a Cisco VPN. I've installed the Cisco VPN client on the computer but cannot establish a VPN connection from the internal network. If I'm on another network outside my internal network, the connection works fine. My Windows Server 2003 is configured as a router and the Windows firewall is enabled.

Answer:
You need to configure your firewall to allow the correct port for a Cisco VPN. This applies not only to your network but also to situations where computers are located behind a DSL or cable modem and are trying to use a Cisco VPN client for VPN connectivity.

The following procedure describes the configuration of Routing and Remote Access on Windows Server 2003 to add a custom port for a Cisco VPN. However, if you're behind a DSL or cable modem, you should check your router documentation for specific instructions on how to configure ports on your router.

1. Start the Routing and Remote Access management console on your Windows Server 2003.
2. Select "NAT/Basic Firewall" under IP Routing.
3. In the details pane on the right-hand side, right-click the network interface that's connected to the Internet and select Properties.
4. Click on Services and Ports tab.
5. Click the Add button and type a description of service, such as "Cisco VPN."
6. Make sure that TCP is the selected protocol and then type "10000" (without the quotes) in the "Incoming port" and "Outgoing port" boxes.
7. In the "Private address" box, type the IP address of your external interface that's used to connect to the Internet.
8. Click OK twice to close all boxes and exit the management console.

Your laptop on the private network should now be able to connect to the Cisco VPN. You don't need to reboot your Windows Server 2003 after the above configuration change.