SA520W Site to Site VPN UDP 5093 traffic

Unanswered Question
Jun 22nd, 2011

I am having an issue running a network application that uses UDP 5093 to access a license server over an IPSec site to site VPN. I have disabled both the Windows and Anti-Virus firewalls on both sides of the connection. Using Wireshark I can see that the client is sending the request but the server side is not receiving it. Would the SA520W firewall be blocking this port?

brierleyIT Thu, 06/30/2011 - 05:46

I performed some additional tests using both a Cisco VPN client connection and SSL VPN Portal into the router where the license server exists.

When using the VPN client connection, I get the same behavior as the remote client going through the Site-to-Site tunnel. The application times out and displays a message about making sure that UDP port 5093 is open on the firewall.

When using the Cisco SSL VPN portal, I am able to successfully launch the network licensed application.

How do I get this to work over the IPSec tunnels? Both the remote and local site have SA520Ws with the 2.1.18 firmware.

brierleyIT Wed, 07/06/2011 - 07:24

I created a firewall rule on the SA520W that the license server sits behind that opens UDP port 5093 to the WAN IP Address (NAT to license server IP address). If I edit the application settings on the remote client to point to the remote WAN IP Address, the application launches successfully and pulls a license from the server. Still puzzled about this not working through the IPSec tunnel.

juliomar Fri, 11/04/2011 - 09:35

Hi Doug,

Have you tried upgrading to the latest MR, and testing if you see the same behavior?

If you don't mind me asking, is the application/server you are trying to reach a QuickTest Pro License Manager or another?

If you are still seeing the issue, the development team would like to obtain the debuglog from your SA500 to determine the cause of requests not reaching the server.

To obtain the debuglog from your SA500, please enter the following URL after you have logged in to your SA500:

https://ip_address_of_sa500/scgi-bin/dbglog.cgi

I have sent you a private message with my email address where you can send me the debuglog. Please note that the file will contain passwords, so please remove/change them before sending the file.

Best regards,

Julio

brierleyIT Tue, 11/08/2011 - 05:46

Hello Julio,

We are running the 2.1.51 firmware on the SA520W now and the application server is running the Sentinel RMS License Manager. I will need to enable the logging and run some tests again.

Regards,

Doug

Posted June 22, 2011 at 9:06 AM