SEF VPN 7.0 client-239 Sending TCP Reset as port (80) not allowed.

Status
Not open for further replies.

rlee1

MIS
Feb 14, 2002
US
End user connecting, authenticating and being disconnected.

Seeing the following in the client logs:

239 Sending TCP Reset as port (80) not allowed. Original packet (212.xxx.xx.xx->212.1xx.xxx.xx: Protocol=TCP[SYN] Port 2625->80) received on interface 212.1xx.xxx.xx

Why would port 80 want to reset?

Where the first IP is in his ISP and the 2nd is his assigned IP from the ISP. We added back in the inside NIC address of the FW to his DNS for a path back out.
 
Only half of that made sense. That particular error is usually the result of no rule. The user's IE should be proxied to the inside interface of the firewall (inside, i.e. closest to the point of communication termination). Then there must be another rule for the traffic to go back out.

The rule should include the VPN in the incoming, and universe in the outgoing, with the proper interfaces in between. This should allow the traffic to go in, then bounce back out.

1) DNS is the users group to inside interface's IP address

2) Proxy, if you want to allow user back out through you. Which is what it looks like is happening.

3) Rule to allow that traffic (should include VPN in definition).
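
Added example (not part of the original thread and not vendor code): a small Python triage script that parses message 239 lines like the one quoted above and counts refused connections per interface and destination port, which shows which traffic still lacks a rule. The field layout is inferred from the single log line in the post, the function names are hypothetical, and all sample lines except the first are constructed.

```python
import re
from collections import Counter

# Addresses may have octets masked with "x", as in the post.
ADDR = r"[0-9x]+(?:\.[0-9x]+){3}"
# Layout assumed from the one message-239 line quoted in the thread.
MSG_239 = re.compile(
    r"^239 Sending TCP Reset as port \((?P<port>\d+)\) not allowed\. "
    r"Original packet \((?P<src>" + ADDR + r")->(?P<dst>" + ADDR + r"): "
    r"Protocol=(?P<proto>\w+)\[(?P<flags>[^\]]+)\] "
    r"Port (?P<sport>\d+)->(?P<dport>\d+)\) "
    r"received on interface (?P<iface>" + ADDR + r")$"
)

def parse_reset(line):
    """Return the fields of a message-239 line as a dict, or None."""
    m = MSG_239.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("port", "sport", "dport"):
        rec[key] = int(rec[key])
    # Assumption: the port named in the message is the destination port.
    # Lines where the two differ are marked for a manual look.
    rec["consistent"] = rec["port"] == rec["dport"]
    return rec

def summarize(lines):
    """Count refused connection attempts per (interface, destination port)."""
    counts = Counter()
    for line in lines:
        rec = parse_reset(line)
        if rec and "SYN" in rec["flags"]:
            counts[(rec["iface"], rec["dport"])] += 1
    return counts

# First line is the one from the post; the rest are constructed and use
# documentation address ranges (192.0.2.0/24, 198.51.100.0/24).
SAMPLE = [
    "239 Sending TCP Reset as port (80) not allowed. Original packet (212.xxx.xx.xx->212.1xx.xxx.xx: Protocol=TCP[SYN] Port 2625->80) received on interface 212.1xx.xxx.xx",
    "239 Sending TCP Reset as port (80) not allowed. Original packet (198.51.100.7->192.0.2.10: Protocol=TCP[SYN] Port 2626->80) received on interface 192.0.2.10",
    "239 Sending TCP Reset as port (80) not allowed. Original packet (198.51.100.7->192.0.2.10: Protocol=TCP[SYN] Port 2627->80) received on interface 192.0.2.10",
    "239 Sending TCP Reset as port (443) not allowed. Original packet (198.51.100.7->192.0.2.10: Protocol=TCP[SYN] Port 2628->443) received on interface 192.0.2.10",
    "some other client log line (constructed, must be ignored)",
]

if __name__ == "__main__":
    for (iface, dport), n in summarize(SAMPLE).most_common():
        print(f"{n:3d} refused SYN(s) to port {dport} on interface {iface}")
```

Each (interface, port) pair in the output is a candidate for the missing rule described above.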
 
D'oh - rereading the first post, it makes half sense to me now, too. Sorry for the confusion.

The solution was to uninstall the FW client, reinstall and then apply all patches and go to 7.0.1.
 