EAPoUDP failed to get a response from host

Unanswered Question
Jan 26th, 2009

Hi guys!

I'm running ASA 8.0(4) code and trying to do NAC Framework on it to posture my VPN clients. However, any time a client "VPNs" in, it gets "clientless". Here is the log snip:

%ASA-6-335001: NAC session initialized -

%ASA-5-335003: NAC Default ACL applied, ACL:aclNACDefault -

%ASA-6-334001: EAPoUDP association initiated -

%ASA-5-334006: EAPoUDP failed to get a response from host -

%ASA-6-334004: Authentication request for NAC Clientless host -

%ASA-5-335003: NAC Default ACL applied, ACL:aclNACDefault -

%ASA-5-334005: Host put into NAC Hold state -

%ASA-6-334007: EAPoUDP association terminated -

CTA is running and it's 2.1.103. Personal FW is off and CTA is working fine with the switch as a NAD.

mchin345 Mon, 02/02/2009 - 14:00

You may want to do a sanity check on whether or not ASA is sourcing the EoU traffic from the correct interface.

Do a packet capture on the client, then clear eou on the ASA. Make sure EoU traffic is sourced from the ASA's.

sasa.popravak Wed, 02/04/2009 - 06:36

Thanx mchin345,

I did the packet capture and only caught two packets, both sourced from my physical LAN adapter's IP, port UDP/21862, and with destination ASA's outside interface, port UDP/1024. There was no reply caught, though.

Isn't this odd? I would expect this to be sourced from ASA's port greater than 1024 and destination to be UDP/21862. At least that. Aside from the fact that communication is going "outside" the tunnel, which is not possible when the tunnel is up.

I did the capture using my laptop and wireshark.

Am I mistaken on this?
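
The syslog sequence quoted in the first post (334001, then 334006, then 334004 and 334005) can be picked out of a larger ASA log per host. The following is an added example, not part of any post in this thread; it assumes the host address follows the trailing " - " that the quoted lines are cut off at, and the sample lines are constructed.

```python
import re

# Message IDs as they appear in the log in the first post.
EOU_INITIATED, EOU_NO_RESPONSE = "334001", "334006"
CLIENTLESS_AUTH, NAC_HOLD = "334004", "334005"

# Assumption: the token after the final " - " is the host address; the log
# lines quoted in the post are cut off at that dash.
LINE_RE = re.compile(r"%ASA-\d-(?P<msg_id>\d{6}): .* - (?P<host>\S+)\s*$")

# Constructed sample input (documentation addresses, not from the thread).
SAMPLE = [
    "%ASA-5-335003: NAC Default ACL applied, ACL:aclNACDefault - 192.0.2.10",
    "%ASA-6-334001: EAPoUDP association initiated - 192.0.2.10",
    "%ASA-5-334006: EAPoUDP failed to get a response from host - 192.0.2.10",
    "%ASA-6-334004: Authentication request for NAC Clientless host - 192.0.2.10",
    "%ASA-5-334005: Host put into NAC Hold state - 192.0.2.10",
    "%ASA-6-334007: EAPoUDP association terminated - 192.0.2.10",
    "%ASA-6-334001: EAPoUDP association initiated - 192.0.2.20",
    "%ASA-6-334007: EAPoUDP association terminated - 192.0.2.20",
    "%ASA-6-334001: EAPoUDP association initiated - 192.0.2.30",
    "%ASA-5-334006: EAPoUDP failed to get a response from host - 192.0.2.30",
    "%ASA-6-334004: Authentication request for NAC Clientless host - 192.0.2.30",
]

def eou_timeouts(lines):
    """Return {host: outcome} for hosts whose latest EAPoUDP association
    timed out (334006). Outcome is 'hold', 'clientless' or 'timeout'."""
    per_host = {}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue                      # not a NAC line, or host missing
        ids = per_host.setdefault(m["host"], [])
        if m["msg_id"] == EOU_INITIATED:
            ids.clear()                   # new association: restart sequence
        ids.append(m["msg_id"])
    result = {}
    for host, ids in per_host.items():
        if EOU_NO_RESPONSE not in ids:
            continue                      # this association did not time out
        after = ids[ids.index(EOU_NO_RESPONSE):]
        if NAC_HOLD in after:
            result[host] = "hold"
        elif CLIENTLESS_AUTH in after:
            result[host] = "clientless"
        else:
            result[host] = "timeout"
    return result

if __name__ == "__main__":
    print(eou_timeouts(SAMPLE))
```
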



