VPN Client UDP Ports

Unanswered Question
Feb 9th, 2008

Our VPN 3005 router is allowing ISAKMP connections from clients when the client connection is UDP port 500 to UDP port 500. However, some remote clients seem to be trying UDP port XXX to UDP port 500 connections and these are being rejected.

Any thoughts why a client would attempt an ISAKMP connection with a source port that is not UDP 500?

srue Sun, 02/10/2008 - 19:20

Their vpn clients are behind some sort of NAT/PAT device. Make sure you have enabled NAT-T on your vpn3005.

khinze Wed, 04/23/2008 - 07:42

I am seeing the same thing. Only it is with the Cisco 5.x IPSec Client. It connects with an ephemeral source and a dest of UDP:500. This is wreaking havoc on our ACLs.

Anyone know how to disable this behavior in the client?

