IP Sec problem for *some* users

Unanswered Question


I am having real problems getting some users onto our VPN. UDP 500, UDP 4500 and ESP are all being allowed through our firewall, and we have existing users coming through fine and authenticating to the VPN Conc. However, some users, with the same client profile etc., are being prevented. I got some logs last week which showed the following (non-Cisco firewall):

04/04/2008,13:34:31 +0100,81.x.x.x,10.200.x.x,UDP,5454,500,-,0,12,8,-,-,OUTBOUND

with the 81.x.x.x being the source IP and 10.200.x.x being the destination. What I don't understand is why UDP 5454 is showing, when other users that connect fine show this (UDP 4500 etc.), see below:

04/04/2008,13:34:31 +0100,81.x.x.x,10.200.x.x,UDP,4500,4500,-,1,12,8,-,-,OUTBOUND

Is the destination address (10.200.x.x) blocking the packets for the users that are having problems?

Any help much appreciated.



thomas.chen Fri, 04/11/2008 - 10:47

Check if the client credentials are correct?

michael.leblanc Fri, 06/20/2008 - 11:56

This may have been related to NAT discovery.

Note that the "destination" port was UDP 500, and not UDP 4500 (non500-isakmp, IPSec-over-UDP).

a.alekseev Sun, 06/22/2008 - 23:49

As an alternative, try to use IPsec over TCP.

04/04/2008,13:34:31 +0100,81.x.x.x,10.200.x.x,UDP,5454,500,-,0,12,8,-,-,OUTBOUND

You should check on the client which UDP port was used as the source port. It is possible some device changed the source port.
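The log lines in the original question and the suggestion above both turn on one detail: an IKE packet to UDP/500 whose source port is not 500. A quick triage script makes that visible across a whole firewall export. The following is an added example written for this thread, not code from the poster, the firewall vendor or Cisco. It assumes the comma-separated layout shown in the question (date, time, src, dst, proto, sport, dport, ..., direction); the sample lines are constructed, with the masked addresses filled in with made-up values.

```python
import csv
from io import StringIO

IKE_PORT = 500      # ISAKMP/IKE
NAT_T_PORT = 4500   # NAT-Traversal (IPsec over UDP)

# Constructed sample lines in the same field order as the poster's firewall log.
# Addresses are made up; the first line mirrors the problematic user (UDP 5454 -> 500),
# the second the working user (UDP 4500 -> 4500).
SAMPLE_LOG = """\
04/04/2008,13:34:31 +0100,81.0.0.1,10.200.0.1,UDP,5454,500,-,0,12,8,-,-,OUTBOUND
04/04/2008,13:34:31 +0100,81.0.0.2,10.200.0.1,UDP,4500,4500,-,1,12,8,-,-,OUTBOUND
04/04/2008,13:34:32 +0100,81.0.0.3,10.200.0.1,UDP,500,500,-,1,12,8,-,-,OUTBOUND
04/04/2008,13:34:33 +0100,81.0.0.4,10.200.0.1,TCP,51000,443,-,1,12,8,-,-,OUTBOUND
"""


def parse_line(line):
    """Split one log record into the fields we care about (hypothetical layout)."""
    fields = next(csv.reader(StringIO(line)))
    return {
        "src": fields[2],
        "dst": fields[3],
        "proto": fields[4],
        "sport": int(fields[5]),
        "dport": int(fields[6]),
        "direction": fields[-1],
    }


def classify(rec):
    """Label a flow as plain IKE, IKE with a rewritten source port, NAT-T, or unrelated."""
    if rec["proto"] != "UDP":
        return "not-ike"
    if rec["dport"] == IKE_PORT:
        # A client normally sends IKE from UDP/500 as well; anything else means a
        # NAT/PAT device on the path rewrote the source port.
        return "ike" if rec["sport"] == IKE_PORT else "ike-sport-rewritten"
    if rec["dport"] == NAT_T_PORT:
        return "nat-t"
    return "not-ike"


def find_rewritten_ike_sources(log_text):
    """Return (source IP, source port) pairs whose IKE packets did not originate from UDP/500.

    These are the users to ask about intermediate NAT devices, or to move onto
    NAT-T / IPsec over TCP, as suggested in the thread.
    """
    suspects = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if classify(rec) == "ike-sport-rewritten":
            suspects.append((rec["src"], rec["sport"]))
    return suspects


if __name__ == "__main__":
    for src, sport in find_rewritten_ike_sources(SAMPLE_LOG):
        print(f"{src}: IKE sent from UDP/{sport} instead of UDP/500 - check for NAT/PAT upstream")
```

Run it against a real export by reading the file into `find_rewritten_ike_sources`; every address it reports is one where the client's IKE source port was changed somewhere before the firewall, which is exactly the condition the replies above point at.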
