Cisco VPN and Comodo

Hello,

I just installed Comodo Firewall as I was having problems with my previous security programs, AVG and ZoneAlarm. It would not let me connect to VPN when it was running. I had to shut down ZA to be able to connect to VPN. Also, the Firefox browser was acting up (and sometimes IE also) by all of a sudden waiting for a page to load and never stopping. The process cannot be killed (it does not disappear and reappear; it just will not be killed, also not with ProcExp). So I thought it was the firewall.

I installed Comodo and set it to Paranoid mode. I can now connect to VPN with Comodo enabled!
Very cool, but now I wonder… is the firewall working correctly? Can it be that Comodo is not checking this VPN connection? And how can I be certain that Comodo is working properly? I did the diag check in Comodo and it says ‘no problems found in installation’.

My setup:
Vista Home Premium 32bit
Comodo firewall only
Avast AV

Make a rule to block the IP of your VPN concentrator after connecting and apply it; if your VPN connection drops, you know Comodo is working.

Also check your Firewall “Active connections” window to see if you have all “policy allowed” traffic in there.

Check both the Firewall section and the Defense+ section for entries containing Cisco VPN. You might want to set all the necessary Cisco VPN files to have either Trusted or Windows System properties. This way you don’t have to configure separate Global Rules to allow outbound protocols.

For those interested, they are:

* UDP ports 500, 1000 and 10000
* IP protocol 50 (ESP)
* TCP port configured for IPSec/TCP
* NAT-T port 4500

As a side note though, I’ve experienced random computer crashes when CIS (v.477) is running and Cisco VPN is attempting to establish the crypto tunnel, forcing me to use the power button to recover. Anyone else experiencing this?

Not anymore. What’s your CVPN version? Mine is 5.0.05.0280.

Mine crashed randomly on the latest beta of CIS 3.8

I have 5.0.04.0300 I believe (I must check at the PC itself). I can connect; only VPN stated that the firewall signature does not match and I need to install the native Cisco VPN firewall (or something).
I can click close and go on. No disconnections, no crashes.

If I “block all traffic” it disconnects and I cannot reconnect. So I think CIS is working correctly on this.
If I manually block the IP of the VPN host, I cannot connect to VPN, which is a good thing.

But I do not know if any other connections from the VPN are blocked or noted. How can I check that?

Due to some weird activity I expanded my config like this:
Vista Home x86
CIS 3.8 (Firewall (safe mode) only, D+ (safe mode))
Avast AV
Ad-Aware anniversary ed with resident shield enabled
Malware bytes on-demand
Superantispyware on-demand

I have no problems running these programs, like I read in other threads, but I do want to know if CIS is monitoring all incoming connections, also through VPN.
Avast has a webshield service through which all web connections run. This is noticeable in the connections tab of CIS.

I think CIS is working great when I do not have VPN connected, but I’d like to be sure that CIS has it covered when VPN is connected. How can I check that?

Your remote administrator forces you to use “their” firewall, so there is no way to “circumvent” that.
I’m afraid you have to try to run them both, or disable CIS FW and enable the other one during VPN sessions.

That is what the message says indeed. But the weird thing is that I can connect and work remotely.
And if I stop all inet connections from within Comodo, my remote desktop freezes (which is expected and a symptom of connection loss), a few seconds later my wireless connection is lost, and soon after that the VPN is disconnected. All this indicates that Comodo is monitoring the VPN on some level, right?
And I don’t even know how to enable the native firewall. Googled it, and Cisco uses ZoneAlarm(?).

Before CIS I used ZA free and I had to disable ZA to be able to connect to VPN. Due to some weirdness I decided to switch to CIS and I love it now, plus I can connect and work while CIS is running.

I guess CIS is protecting my PC’s own connections, but I am not certain about connections coming through VPN. Although I do see resolved PC names of the VPN connected to my PC (my work PC for instance) in the active connections tab of CIS.
I’d rather not use ZA again as I find CIS far superior.

CIS firewalls all stuff based on source and/or destination IPs, so it will also firewall your VPN traffic.
Just put in a rule that you know will cause traffic and put “logging” on it, cause some traffic, and it will show up in the logfiles…

Hi, I got a similar issue using Comodo Firewall and Cisco VPN 4.0.5(D). More precisely, I use a PC connected to the Internet with Comodo Firewall (latest release) and sharing the internet connection via ICS. Once I try to establish a VPN connection from a different machine, the first one simply reboots (no blue screen… but maybe I need to change the settings to let the system stop on the blue screen).

In the previous Comodo release (3.5.57173.439) I didn’t get any issue using the same configuration. So I think this comes from the new Comodo (3.8.65951.477).

I use the official release 5.0.04.0300. The 5.0.05.0280 is still a beta release from last year and thus is unsupported. But if you say you’ve experienced no crashes with it, I’ll give it a go. I had to uninstall CIS to make the v04.0300 work properly, and it’s not a solution I’m content with. I prefer a stable platform rather than the latest version of any given software, but on this occasion I had to compromise to get some critical workload done…

As for the connectivity problem of the thread starter, the rules implemented must either be a program-wide one or based on ports in the firewall section, or both for maximum security. This is to be able to establish the VPN tunnel and encrypt the traffic. I’m not sure whether CIS firewalls the traffic before or after the tunnel has been established, but I suspect it’s after, on the lower OSI layers. This means that once the tunnel has been established, the traffic inside the tunnel is no longer firewalled. You can’t have an intermediate firewall without breaking the tunnel encryption, as this forces the tunnel to shut down due to integrity being compromised. I have yet to see one that manages this :)

But if all this has been achieved and the VPN connection still doesn’t work, try to shut the firewall down. Try to establish a VPN connection again and verify. The logs in the firewall should help a lot too.

For the most part, Cisco VPN relies on IP 50 (ESP) or IP 51 (AH) and UDP 500 (IKE) to establish the tunnel successfully. UDP 4500 or TCP 1000/10000 are used for transparent tunneling, which means you may surf the web outside the tunnel while your business-critical information gets encrypted and goes through the tunnel. This is vital to know when configuring a personal firewall, as the VPN connection may fail if one or more of these ports are blocked. Your VPN administrator should know this and provide you with the relevant information. Furthermore, there are no “native” firewalls embedded in the Cisco VPN client software, only a stateful packet inspecting feature. It’s there to ensure that the tunneled (encrypted) return traffic doesn’t get routed outside the tunnel. This is to prevent man-in-the-middle attacks, spoofing and asynchronous routing from occurring. This however has been remedied in the later Cisco releases, meaning the stateful firewall is no longer needed. But again, ask your VPN administrator about this. Sometimes this feature is turned on unnecessarily in the earlier releases, but I think it got removed in the latest as it proved to be a nuisance. Anyways, the “native firewall” is 2 system32 files which I don’t remember right now, but they tend to be replaced when installing ZA, causing Cisco VPN to reinstall or in worst cases crash the computer.

Start the Cisco VPN client while having the Active Connection window open. You should get the confirmation you need on the various ports there.
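As an added example (not code from any poster in this thread), the Python script below turns the port profile the thread lists for the Cisco client (IKE on UDP 500, NAT-T on UDP 4500, transparent tunneling on 1000/10000, ESP as IP protocol 50 and AH as IP protocol 51) into a small review of an active-connections listing, the kind of check the thread keeps asking for: every connection to the concentrator is either one of the expected tunnel channels or something worth a closer look, and it also spells out the block-the-concentrator self-test suggested earlier. The concentrator address 203.0.113.10, the IPsec/TCP port 10000, the connection lines and their column layout are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List

# Port profile for the Cisco IPsec client as listed in the thread.
IKE_UDP = 500
NAT_T_UDP = 4500
TRANSPARENT_PORTS = (1000, 10000)   # UDP or TCP, per the two posts above
PORTLESS_PROTOS = ("esp", "ah")     # IP protocol 50 / 51, no port numbers


@dataclass(frozen=True)
class VpnProfile:
    concentrator: str          # concentrator address; the sample value is constructed
    ipsec_tcp_port: int = 10000  # "TCP port configured for IPSec/TCP"; 10000 is an assumption

    def expected(self):
        """(protocol, remote port) pairs that belong to tunnel setup or transport."""
        allowed = {("udp", IKE_UDP), ("udp", NAT_T_UDP), ("tcp", self.ipsec_tcp_port)}
        for port in TRANSPARENT_PORTS:
            allowed.add(("udp", port))
            allowed.add(("tcp", port))
        for proto in PORTLESS_PROTOS:
            allowed.add((proto, 0))
        return allowed


@dataclass(frozen=True)
class Conn:
    process: str
    proto: str        # "tcp", "udp", "esp" or "ah"
    remote_ip: str
    remote_port: int  # 0 for ESP/AH, which carry no port


def parse_connection(line: str) -> Conn:
    """Parse one constructed listing line:
    '<process> <proto> <local_ip[:port]> <remote_ip[:port]>'."""
    process, proto, _local, remote = line.split()
    proto = proto.lower()
    if ":" in remote:
        ip, port = remote.rsplit(":", 1)
        return Conn(process, proto, ip, int(port))
    return Conn(process, proto, remote, 0)


def classify(conn: Conn, profile: VpnProfile) -> str:
    """Label a connection relative to the VPN profile."""
    if conn.remote_ip != profile.concentrator:
        return "other"            # not to the concentrator: judged by the normal rule set
    if (conn.proto, conn.remote_port) in profile.expected():
        return "vpn-expected"     # IKE, NAT-T, transparent tunneling or the ESP/AH tunnel
    return "vpn-unexpected"       # to the concentrator, but not a tunnel channel: review it


def review(lines: List[str], profile: VpnProfile) -> Dict[str, List[str]]:
    """Group a listing into expected tunnel traffic, oddities and unrelated traffic."""
    report: Dict[str, List[str]] = {"vpn-expected": [], "vpn-unexpected": [], "other": []}
    for line in lines:
        c = parse_connection(line)
        port = c.remote_port or "-"
        report[classify(c, profile)].append(f"{c.process} {c.proto}/{port} -> {c.remote_ip}")
    return report


def self_test_rule(profile: VpnProfile) -> Dict[str, object]:
    """The thread's self-test: a logged block rule for the concentrator IP.
    If the VPN drops once this rule is applied, the host firewall sees the tunnel."""
    return {"action": "block", "direction": "in/out", "protocol": "IP",
            "remote": profile.concentrator, "log": True}


# Constructed sample listing, in the shape of an active-connections window.
SAMPLE_CONNECTIONS = [
    "vpngui.exe  udp  192.168.1.5:500    203.0.113.10:500",
    "vpngui.exe  udp  192.168.1.5:4500   203.0.113.10:4500",
    "system      esp  192.168.1.5        203.0.113.10",
    "vpngui.exe  tcp  192.168.1.5:49211  203.0.113.10:443",
    "firefox.exe tcp  192.168.1.5:49300  198.51.100.7:80",
]

if __name__ == "__main__":
    profile = VpnProfile("203.0.113.10")
    for label, entries in review(SAMPLE_CONNECTIONS, profile).items():
        print(label)
        for entry in entries:
            print("   ", entry)
    print("self-test rule:", self_test_rule(profile))
```

Run it while the VPN client is connecting and paste the window contents in place of the sample lines; anything that lands under "vpn-unexpected" is what a port-based rule set for the client would not cover and deserves its own allow or block rule, with logging turned on as suggested above.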