Did you get this working?
I was going to ask what was new about your setup. Didn't read through the
whole chain - but did it ever work and now it's broke? Fill me in.
Another thing - I moved to Comcast recently and mine broke as a result.
There are a couple ways to configure a Cisco VPN Client and head-end (router,
vpn concentrator, pix, asa) to compensate for folks like Comcast.
In a nutshell, using the TCP/10000 (default port) is the answer, but this
ONLY works if your head-end support folks allow and configure it. To your
cable modem (and say Comcast) this VPN traffic now appears as a straight-up
TCP flow (like www, ftp) - no IPSec stuff, no IKE/ISAKMP stuff, no ESP
protocol translation and no negotiation. In other words, unless someone is
specifically blocking that TCP port (10000), then it works.
Oh, and as it applies here, as far as I know, this is a Cisco-only feature -
Cisco VPN client to Cisco head-end. All head-ends (with current code) that
support a 4.0+ Cisco VPN client support this feature. As a help to pitch
this to the head-end folks - that with this, only one port is needed through
a filter/policy (ACL) to support the VPN clients - simple.
Hell for that matter - try it out. Modify the connection entry, Transport
tab, Checkbox for Enable Transparent Tunneling, and the radio-button for
IPSec over TCP - I guess leave the port value at 10000. If it doesn't work -
then you know where to go from there.
Hope that helps.
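As an added example (not from the post above and not Cisco's own tooling), here is a small Python helper that does the two checks the post suggests before bothering the head-end folks: confirm a saved VPN Client connection entry is actually set to IPSec over TCP on port 10000, and confirm that TCP port is reachable from where the client sits. The sample `.pcf` text is constructed here, and the key names `EnableNat`, `TunnelingMode` and `TCPTunnelingPort` are assumed from memory of the VPN Client profile format, so compare them against a `.pcf` exported from your own client.

```python
import socket
import configparser

# Constructed sample Cisco VPN Client connection entry (.pcf). Key names
# EnableNat / TunnelingMode / TCPTunnelingPort are assumed from memory of the
# profile format; verify against a .pcf exported from your own client.
SAMPLE_PCF = """[main]
Description=Office VPN
Host=vpn.example.com
AuthType=1
GroupName=remote-users
EnableNat=1
TunnelingMode=1
TCPTunnelingPort=10000
"""

# Default port the post recommends leaving in place.
DEFAULT_TCP_PORT = 10000


def parse_pcf(text):
    """Parse the [main] section of a .pcf file into a plain dict."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key names exactly as written in the file
    cp.read_string(text)
    return dict(cp["main"])


def check_transparent_tunneling(entry):
    """Return (ok, message): does this entry use Transparent Tunneling over TCP?

    Assumed encoding: EnableNat=1 means Transparent Tunneling is enabled,
    TunnelingMode=1 means the TCP radio button (0 would be UDP).
    """
    nat_enabled = entry.get("EnableNat", "0") == "1"
    mode = entry.get("TunnelingMode", "0")
    port = int(entry.get("TCPTunnelingPort", DEFAULT_TCP_PORT))
    if not nat_enabled:
        return False, "Transparent Tunneling is disabled (EnableNat=0)"
    if mode != "1":
        return False, "Transparent Tunneling is set to UDP, not TCP"
    return True, "IPSec over TCP on port %d" % port


def tcp_port_reachable(host, port, timeout=3.0):
    """Plain TCP connect test to the head-end's IPSec-over-TCP port.

    A refused or timed-out connect means something between you and the
    head-end (or the head-end itself) is not passing that port.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    entry = parse_pcf(SAMPLE_PCF)
    ok, msg = check_transparent_tunneling(entry)
    print("connection entry:", msg)
    if ok:
        port = int(entry.get("TCPTunnelingPort", DEFAULT_TCP_PORT))
        reachable = tcp_port_reachable(entry["Host"], port)
        print("TCP/%d to %s reachable: %s" % (port, entry["Host"], reachable))
```

Run it against your own exported `.pcf` by swapping in its text; if the entry checks out but the port is unreachable, that narrows the problem to the path (ISP or a filter/ACL) or to the head-end not having IPSec over TCP enabled, which is exactly the "you know where to go from there" the post describes.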