Configure D-Link DIR 625 for Cisco VPN

connection.Up until recently, the only way I could get my Cisco VPN to work was to place my desktop in the DMZ. I really did not like having to do that. After considerable Internet searching, I could not find any information specific to my D-Link model (DIR 625) for allowing access using a Cisco VPN. Most of the information I was able to locate referenced other models and most made reference to making sure ‘VPN pass-through’ is enabled. Well, AFAIK, the DIR 625 does not have a ‘pass-through’ setting. Other information referred to forwarding port 10000 . However, those failed to mention port 10000 is only used when you configure the VPN to use TCP rather than UDP. My configuration was given to me by our network admin and it uses IPSec/UDP. When I tried to change it, the connection no longer worked even while in the DMZ. I could only conclude the target would only accept UDP.

After a couple of hours of experimentation, I was finally able to establish a connection without being in the DMZ. So that others who may happen to fall into the same situation have a solution, I am providing it here.

The very first thing you must do is to open your D-Link Admin screen, click the Advanced tab on top, and open the Inbound Filter on the left. You’ll need to create a new filter using the IP address where your VPN connects to. You can easily find this by looking at your D-Link log right after an unsuccessful  connection attempt (you’ll see the blocked attempt). An example of an Inbound Filter is given here but with my IP partially blocked. My source range is for one IP address. Pay attention to the ‘Name’ given, it will be used again.


After saving your inbound filter, you now need to open the Port Forwarding item on the left of your screen. You will then add a new rule to forward UDP ports 500 through mach zehnder modulator5000 65536 to your local machine using the filter created in the previous step. Its actually pretty easy because the filter name will be in the drop-down list for the Inbound Filter item. Take a look at this example screen shot:


Save your settings and you should now be able to use your Cisco VPN connection without resorting to using the DMZ.

5 thoughts on “Configure D-Link DIR 625 for Cisco VPN

  1. ricky2009

    Thanks for sharing your input on the DLink 625 and vpn. I was looking for that exact answer, and you were very clear with your explanation! Keep in touch.
    Ricky Schultz

  2. smsalv71

    Thanks for the documentation. For me, I had to also un-check the “IPSec (VPN)” box on the Firewall settings under the Advance tab to make this work. Not sure if this is set by default but it then worked for me.

  3. JohnSWood

    Thanks! I did not realize that there were so many smart people ou there with the same name. I am getting closer…not quite there…here is what my log says…any (more) help appreciated!

    Initializing the connection…
    Contacting the security gateway at…
    Contacting the security gateway at… (balancing)
    Authenticating user…
    Contacting the security gateway at…
    Negotiating security policies…
    Securing communications channel…
    Secure VPN Connection terminated locally by the Client.
    Reason 442: Failed to enable Virtual Adapter.

    Connection terminated on: Aug 24, 2011 22:14:20 Duration: 0 day(s), 00:00.00
    Not connected.

  4. sajanmani

    Awesome, finally after 2 days it worked, whew – [thanks to smsalv71, since that needs to be done to my firewall settings to get it working]

    thanks everybody

  5. aravindhramu

    Using a Dlink-600M router and I don’t see options to configure firewall rules.
    Any help will be appreciated. Thanks !

Leave a Reply