Reset Search



KB40124 - Unable to establish a connection to the destination server through the VPN Tunnel.

« Go Back


Last Modified Date1/5/2016 9:04 PM
This article describes an issue and solution when Network Connect VPN users are unable to establish a connection an allowed destination server.
Problem or Goal
When this issue occurs, a Windows client machine will be unable to establish any network connections (including ping) to a particular destination IP address. Flushing the Address Resolution Protocol (ARP) cache may temporarily resolve this problem.You may flush the ARP cache by running the following command:

netsh interface ip delete arpcahe

You may be observe a "General failure" reply from ICMP (ping) to the destination server.

Pinging [X.X.X.X] with XX bytes of data:
General failure.
General failure.
General failure.
General failure.
This problem occurs when the TCP/IP driver on the Windows client machine incorrectly selects the loopback IP address ( as the best physical interface for the destination services. See and for more information.

For VPN tunneling to communicate, the following ports must be open:
  • UDP port 4242 on loopback address
  • TCP port 443
  • If using ESP mode, the UDP port configured on the device ( default is UDP 4500).
The VPN tunneling option provides secure, SSL-based network-level remote access to all enterprise application resources using the device over port 443. Port 4242 is used for IPC communication between the VPN tunneling service and the VPN tunnel executable on the client PC. 
Please download and install the hotfix for your Windows version which is available from Microsoft Support. 

Windows 8

Windows 8.1
Related Links
Attachment 1 
Created ByAbigail Glasco



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255