I'm trying to install the Security Server that's located between outside and inside firewall.
I have setup the IPsec between windows 2008 DC R2 based on the VMware KB below.
But for some reason I kept getting error "Unable to connect to the server on TCP port 4001. Please check that the specified connection server is running and that this TCP port is not being blocked by the firewall.
If the Security Server has been paired with the Connection Server before, it may be that there are existing IPsec rules present on the Connection Server that are preventing this connection. To remote these IPsec rules on the Connection Server use View Administrator and prepare the SS for Upgrade.
And I also try to do that, so now it greyed out.
I don't know how it was paired before because either the install was failed or I clicked on cancel because of the security warning.
If I disabled the Windows Firewall and the connection security rules created above based on the KB, the SS was able to connect to the internal CS. But then I get a warning that it's not recommended to do that.
So I cancelled the installation. (maybe I should just ignore and do it... maybe I'll give it a shot..)
So my question is for the View experts here, how do I get port 4001 to not being blocked by the security rules created based on that KB?
Because I know for sure that my Cisco firewall did not block it. I have spent a few hours with Cisco TAC tracing packet and trying multiple things to make sure no packet is being dropped. The inside Connection Server is just not responding for some reason when the FW was enabled.
I might have to open a case with VMware tomorrow to see if they can help me.
The newer version of View is getting harder and harder now to install with all the restrictions and SSL certificate requirements.Especially when they are relying on Microsoft ipsec to communicate between internal/external servers? 