EAPoUDP failed to get a response from host

Unanswered Question
Jan 26th, 2009


Hi guys!


I'm running ASA 8.0(4) code and trying to do NAC Framework on it to posture my VPN clients. However, any time a client "VPNs" in, it gets "clientless". Here is the log snip:


%ASA-6-335001: NAC session initialized - 10.1.149.1.

%ASA-5-335003: NAC Default ACL applied, ACL:aclNACDefault - 10.1.149.1.

%ASA-6-334001: EAPoUDP association initiated - 10.1.149.1.

%ASA-5-334006: EAPoUDP failed to get a response from host - 10.1.149.1.

%ASA-6-334004: Authentication request for NAC Clientless host - 10.1.149.1.

%ASA-5-335003: NAC Default ACL applied, ACL:aclNACDefault - 10.1.149.1.

%ASA-5-334005: Host put into NAC Hold state - 10.1.149.1.

%ASA-6-334007: EAPoUDP association terminated - 10.1.149.1.


CTA is running and it's 2.1.103. Personal FW is off and CTA is working fine with the switch as a NAD.


mchin345 Mon, 02/02/2009 - 14:00

You may want to do a sanity check on whether or not ASA is sourcing the EoU traffic from the correct interface.

Do a packet capture on the client, then clear eou on the ASA. Make sure EoU traffic is sourced from the ASA's.


sasa.popravak Wed, 02/04/2009 - 06:36

Thanks mchin345,


I did the packet capture and only caught two packets, both sourced from my physical LAN adapter's IP, port UDP/21862, and with destination ASA's outside interface, port UDP/1024. There was no reply caught, though.


Isn't this odd? I would expect this to be sourced from ASA's port greater than 1024 and destination to be UDP/21862. At least that. Aside from the fact that communication is going "outside" the tunnel, which is not possible when the tunnel is up.


I did the capture using my laptop and wireshark.


Am I mistaken on this?


Regs,

Sasa
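
The log sequence from the opening post, turned into a small triage script (an added example, not part of the thread and not Cisco tooling): it groups the seven message IDs quoted in that post per host and flags associations where 334006 preceded the clientless fallback. The verdict labels and the second host's lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Message IDs and short labels, taken from the log lines quoted in the thread.
EVENTS = {"335001": "nac_init", "335003": "default_acl", "334001": "eou_start",
          "334006": "eou_no_response", "334004": "clientless_auth",
          "334005": "hold", "334007": "eou_end"}
LINE_RE = re.compile(r"%ASA-\d-(\d{6}): .*? - (\d{1,3}(?:\.\d{1,3}){3})\.?\s*$")

def triage(lines):
    """Group NAC/EAPoUDP events per host; classify each ended association."""
    pending = defaultdict(list)          # host -> events since NAC init
    findings = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m.group(1) not in EVENTS:
            continue                     # unrelated or malformed line
        event, host = EVENTS[m.group(1)], m.group(2)
        if event == "nac_init":
            pending[host] = []           # a new session resets the state
        pending[host].append(event)
        if event == "eou_end":
            seen = pending.pop(host)
            verdict = ("agent_unreachable" if "eou_no_response" in seen
                       else "clientless" if "clientless_auth" in seen
                       else "no_fallback_logged")   # labels are assumptions
            findings.append({"host": host, "verdict": verdict,
                             "held": "hold" in seen, "events": seen})
    return findings

# First host: the sequence from the post. Second host: constructed sample.
SAMPLE = """\
%ASA-6-335001: NAC session initialized - 10.1.149.1.
%ASA-5-335003: NAC Default ACL applied, ACL:aclNACDefault - 10.1.149.1.
%ASA-6-334001: EAPoUDP association initiated - 10.1.149.1.
%ASA-5-334006: EAPoUDP failed to get a response from host - 10.1.149.1.
%ASA-6-334004: Authentication request for NAC Clientless host - 10.1.149.1.
%ASA-5-335003: NAC Default ACL applied, ACL:aclNACDefault - 10.1.149.1.
%ASA-5-334005: Host put into NAC Hold state - 10.1.149.1.
%ASA-6-334007: EAPoUDP association terminated - 10.1.149.1.
%ASA-6-335001: NAC session initialized - 10.1.149.2.
%ASA-6-334001: EAPoUDP association initiated - 10.1.149.2.
%ASA-6-334007: EAPoUDP association terminated - 10.1.149.2.
""".splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["host"], f["verdict"], "held" if f["held"] else "not held")
```
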

