VPN-Client V5 uses a port other than UDP 500 for ISAKMP

Nov 5th, 2007

We have an ASA 5540 with SW Ver. 7.2(2).

If I try to connect with VPN-Client 4.8, it works. But with VPN-Client 5 it doesn't work.

After capturing the initial packets from the client, I see only one difference. VPNC V4.8 used UDP 500 (isakmp) as the source port, while VPNC V5 used port UDP 1501.

In the ASA Logfile I see the following message:

7 Nov 05 2007 10:47:03 710005 vpn-oedatdos UDP request discarded from to Oedatdos:vpn-oedatdos/500

As an explanation I get the following text:

This message appears when the security appliance does not have a UDP server that services the UDP request.

Is this a configuration problem in the ASA, or must I upgrade to SW Ver 8.0(2)?

irisrios Mon, 11/12/2007 - 07:12

Make sure that port number 1501 is not blocked in the path between the client and the server. If the port is not blocked, you can upgrade the client software to version 8.0(2).

MBeppler Tue, 11/13/2007 - 00:38

Port 1501 is not blocked. But we have no entry for this port in the Access Rules on the ASA. Can this be the problem?

In the meantime, I have upgraded the ASA to software version 8.0(3). The problem is the same as before.


guibarati Tue, 11/13/2007 - 04:55

This is the source port of the connection; it does not matter and can be any port. As you can see, the destination port is correct: it's 500.

When you mark the box "allow ipsec traffic to pass through access list", it allows all needed ports.

Maybe you need to enable NAT-T on it.
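
The point in the reply above, as an added example that is not part of the original thread: when reading a capture, IKE is identified by the destination port (UDP 500, or UDP 4500 with the 4-byte non-ESP marker once NAT-T is in use), so a client sending from 1501 is classified the same as one sending from 500. The packets are constructed samples; the function names and the choice of aggressive mode for the sample header are assumptions.

```python
import struct

EXCHANGE = {2: "main mode", 4: "aggressive mode", 5: "informational"}
ISAKMP_FMT = "!8s8sBBBBII"  # cookies, next payload, version, exchange, flags, msg id, length

def build_datagram(sport, dport, payload):
    """Constructed sample: UDP header (checksum left at 0) followed by payload."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def isakmp_header(exchange, marker=False):
    """Constructed 28-byte IKEv1 header of a first initiator packet."""
    hdr = struct.pack(ISAKMP_FMT, b"\x11" * 8, b"\x00" * 8, 1, 0x10, exchange, 0, 0, 28)
    # NAT-T (UDP 4500) prefixes IKE with four zero bytes, the non-ESP marker.
    return (b"\x00" * 4 if marker else b"") + hdr

def classify(datagram):
    """Classify a UDP datagram by destination port; the source port is only reported."""
    sport, dport, length, _ = struct.unpack("!HHHH", datagram[:8])
    payload = datagram[8:length]
    if dport == 500:
        kind = "ike"
    elif dport == 4500:
        if payload == b"\xff":
            return {"kind": "nat-keepalive", "sport": sport}
        if payload[:4] != b"\x00" * 4:
            return {"kind": "esp-in-udp", "sport": sport}
        kind, payload = "ike-nat-t", payload[4:]
    else:
        return {"kind": "not-ike", "sport": sport}
    if len(payload) < 28:
        return {"kind": "truncated", "sport": sport}
    _ic, rcookie, _np, ver, xchg, _fl, _mid, _len = struct.unpack(ISAKMP_FMT, payload[:28])
    return {"kind": kind, "sport": sport, "ikev": ver >> 4,
            "exchange": EXCHANGE.get(xchg, str(xchg)),
            # An all-zero responder cookie marks the initiator's first packet.
            "first_packet": rcookie == b"\x00" * 8}

if __name__ == "__main__":
    samples = {
        "client 4.8 (src 500)": build_datagram(500, 500, isakmp_header(4)),
        "client 5 (src 1501)": build_datagram(1501, 500, isakmp_header(4)),
        "client 5 with NAT-T": build_datagram(1501, 4500, isakmp_header(4, marker=True)),
    }
    for name, pkt in samples.items():
        print(name, classify(pkt))
```
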

