EAPoUDP failed to get a response from host

sasa.popravak
Level 1

Hi guys!

I'm running ASA 8.0(4) code and trying to do NAC Framework on it to posture my VPN clients. However, anytime a client "VPNs" in, it gets "clientless". Here is the log snip:

%ASA-6-335001: NAC session initialized - 10.1.149.1.

%ASA-5-335003: NAC Default ACL applied, ACL:aclNACDefault - 10.1.149.1.

%ASA-6-334001: EAPoUDP association initiated - 10.1.149.1.

%ASA-5-334006: EAPoUDP failed to get a response from host - 10.1.149.1.

%ASA-6-334004: Authentication request for NAC Clientless host - 10.1.149.1.

%ASA-5-335003: NAC Default ACL applied, ACL:aclNACDefault - 10.1.149.1.

%ASA-5-334005: Host put into NAC Hold state - 10.1.149.1.

%ASA-6-334007: EAPoUDP association terminated - 10.1.149.1.

CTA is running and it's 2.1.103. Personal FW is off and CTA is working fine with the switch as a NAD.

2 Replies

mchin345
Level 6

You may want to do a sanity check on whether or not ASA is sourcing the EoU traffic from the correct interface.

Do a packet capture on the client, then clear eou on the ASA. Make sure EoU traffic is sourced from the ASA's.

Thanks mchin345,

I did the packet capture and only caught two packets, both sourced from my physical LAN adapter's IP, port UDP/21862, and with destination ASA's outside interface, port UDP/1024. There was no reply caught, though.

Isn't this odd? I would expect this to be sourced from ASA's port greater than 1024 and destination to be UDP/21862. At least that. Aside from the fact that communication is going "outside" the tunnel, which is not possible, when the tunnel is up.

I did the capture using my laptop and Wireshark.

Am I mistaken on this?

Regs,

Sasa
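
Added example, not part of the thread or of any Cisco tooling: a small Python triage script that groups the ASA NAC/EAPoUDP syslog messages quoted in the question by host and flags the "no EAPoUDP response, then clientless, then hold" sequence. The message IDs are the ones in the posted log; the second host (10.1.149.2), the function names and the state labels are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches lines shaped like the ones in the thread: "%ASA-<sev>-<id>: <text> - <host>."
LINE_RE = re.compile(
    r"%ASA-\d-(?P<id>\d{6}): .*? - (?P<host>\d{1,3}(?:\.\d{1,3}){3})\.?\s*$")

# Constructed sample: the sequence from the question for 10.1.149.1, plus an
# invented host 10.1.149.2 whose association was initiated but has not failed.
SAMPLE = """\
%ASA-6-335001: NAC session initialized - 10.1.149.1.
%ASA-5-335003: NAC Default ACL applied, ACL:aclNACDefault - 10.1.149.1.
%ASA-6-334001: EAPoUDP association initiated - 10.1.149.1.
%ASA-5-334006: EAPoUDP failed to get a response from host - 10.1.149.1.
%ASA-6-334004: Authentication request for NAC Clientless host - 10.1.149.1.
%ASA-5-335003: NAC Default ACL applied, ACL:aclNACDefault - 10.1.149.1.
%ASA-5-334005: Host put into NAC Hold state - 10.1.149.1.
%ASA-6-334007: EAPoUDP association terminated - 10.1.149.1.
%ASA-6-335001: NAC session initialized - 10.1.149.2.
%ASA-6-334001: EAPoUDP association initiated - 10.1.149.2.
"""

def parse(lines):
    """Yield (host, message_id) for each recognised syslog line, in order."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            yield m["host"], int(m["id"])

def triage(log_text):
    """Return {host: state}; all lines for a host are treated as one session."""
    seen = defaultdict(list)
    for host, msg_id in parse(log_text.splitlines()):
        seen[host].append(msg_id)
    report = {}
    for host, ids in seen.items():
        # 334006 (no EAPoUDP reply) followed by 334004 (clientless auth request)
        if (334006 in ids and 334004 in ids
                and ids.index(334006) < ids.index(334004)):
            state = "no-eou-response->clientless"
            if 334005 in ids:  # host was then put into NAC Hold
                state += "->hold"
        elif 334001 in ids:
            state = "eou-initiated"
        else:
            state = "other"
        report[host] = state
    return report

if __name__ == "__main__":
    for host, state in triage(SAMPLE).items():
        print(host, state)
```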