Article ID: 6637

Cisco VPN and F-Secure Client Security interoperability

Summary

This article explains how to ensure that Cisco's VPN software will work with F-Secure Client Security.

Note: This article assumes technical understanding of F-Secure's products. If you are unsure, please contact F-Secure support for assistance.

Allowing Cisco VPN to create a connection

To establish the VPN connection you need to allow IKE (bi-directional) and UDP (outbound, local port >1023, remote port 62514 and 62515) to the VPN gateway. In addition to this you need to allow all the traffic that you want to use through the tunnel. For example, if you want to use HTTP through the tunnel, you need to allow it. This is because the F-Secure firewall filters the traffic before it is encypted by Cisco VPN.

The Cisco VPN client has a built-in stateful firewall which is not compatible with F-Secure Internet Shield. If Cisco VPN is installed before F-Secure Anti-Virus Client Security, the sidegrade component disables the firewall in Cisco VPN client. The sidegrade can detect the firewall of Cisco VPN if it has been registered. Cisco VPN registers the firewall during the first VPN connection, so if the VPN client has been installed but not used, sidegrade might not be able to identify the Cisco VPN client firewall. In that case you can disable the integrated firewall manually.

To disable the firewall in Cisco VPN Client, you need to do the following:

1. Click Start and then Control Panel to open the Control Panel window.
2. Double-click System to open the System Properties dialog.
3. In System Properties, select the Hardware tab and click the Device Manager button.
4. In Device Manager window, select first Devices by type and then Show hidden devices from the View menu.
5. Right-click "vsdatant" in Non-Plug and Play Drivers and select Disable.
6. Restart the computer.

Article ID: 6637
Article Link: http://www.f-secure.com/kb/6637
Last edited: 11/26/2009 12:10:13 PM