Hello,
I’m experiencing an issue where a Cisco VPN client fails to connect over my home Wi-Fi, but works fine over a mobile hotspot or work internet network. After extensive troubleshooting, here’s what I’ve confirmed:
- VPN works on the same laptop over 4G hotspot
- VPN fails only on home Wi-Fi
- UDP ports 500 and 4500 are reachable from my home network
- TCP port 443 is open
- With Windows Firewall completely disabled on the laptop, the issue persists
- Other VPNs work fine on different laptops (e.g., Norton Secure VPN, Citrix Workspace), indicating the network is generally VPN-capable
This points to a problem related to:
- ESP (IP protocol 50) being blocked or not forwarded correctly
- Lack of IPSec passthrough or broken NAT-T support on the router
Router with booster points: ZYXEL, installed in January 2025.
Could you please confirm:
- Does my router and/or ISP block ESP (IP protocol 50)?
- Are IPSec passthrough and NAT traversal (UDP 4500) supported?
Are these settings user-configurable? (I logged into my router but did not find them.)
If not, can you enable them remotely?
One more detail:
Could you please check if my internet connection is using CGNAT (Carrier Grade NAT)?
I understand that CGNAT can interfere with VPN protocols such as ESP (IP protocol 50) and IPSec passthrough.
If I am on CGNAT, could you assign a public IPv4 address instead?
Thank you in advance for your help. Let me know what else is needed from my side.
A
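
The CGNAT question in the post above can be checked locally before the ISP replies. This is an added example, not part of the original post: it compares the WAN IPv4 address shown on the router's status page with the address an external service reports. The function name, verdict labels and sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT.
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges: a WAN address here means another NAT sits upstream.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hypothetical verdict labels used only by this example.
VERDICTS = {
    "cgnat": "WAN address is in 100.64.0.0/10: the ISP translates it again (CGNAT)",
    "double-nat": "WAN address is RFC 1918 private: another NAT device sits upstream",
    "translated-upstream": "WAN address is public but differs from what the internet sees",
    "public": "router holds the public IPv4 address itself; only its own NAT applies",
}

def classify_wan(router_wan_ip, observed_public_ip):
    """Classify the path between the router's WAN port and the internet.

    router_wan_ip:      WAN IPv4 address from the router's status page
    observed_public_ip: IPv4 address an external "what is my IP" service reports
    """
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(observed_public_ip)
    if wan.version != 4 or seen.version != 4:
        raise ValueError("this check only covers IPv4 addresses")
    if wan in CGNAT_NET:
        return "cgnat"
    if any(wan in net for net in PRIVATE_NETS):
        return "double-nat"
    if wan != seen:
        return "translated-upstream"
    return "public"

if __name__ == "__main__":
    # Constructed sample pairs (documentation and reserved ranges, not real hosts).
    samples = [
        ("100.72.14.9", "203.0.113.25"),
        ("192.168.1.2", "203.0.113.25"),
        ("198.51.100.7", "203.0.113.25"),
        ("203.0.113.25", "203.0.113.25"),
    ]
    for wan, seen in samples:
        verdict = classify_wan(wan, seen)
        print(f"WAN {wan:15} seen as {seen:15} -> {verdict}: {VERDICTS[verdict]}")
```

Any verdict other than `public` means ESP (IP protocol 50), which carries no port numbers, has to cross a NAT the user does not control, so the tunnel depends on UDP 4500 encapsulation (NAT-T) working end to end.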