Sending UDP pings with source port 501 from host 10.30.19.1 (inside) to an outside host (e.g. 10.30.32.6, dest. port 500) is blocked by the PIX. I just see the following logging entries:
302015: Built outbound UDP connection 44476 for out_RTRC1:10.30.32.6/500 (10.30.32.6/500) to in_SGRC1:10.30.19.1/501 (10.30.19.1/501)
302015: Built outbound UDP connection 44483 for out_RTRC1:10.30.32.10/500 (10.30.32.10/500) to in_SGRC1:10.30.19.1/501 (10.30.19.1/501)
302016: Teardown UDP connection 44374 for out_RTRC1:10.30.32.26/500 to in_SGRC1:10.30.19.1/500 duration 0:33:58 bytes 28996
302015: Built inbound UDP connection 44457 for out_RTRC1:10.30.32.26/500 (10.30.32.26/500) to in_SGRC1:10.30.19.1/500 (10.30.19.1/500)
The traffic is not blocked by an access rule (I think so), but I can't see any reason for this behaviour. Also, a debug on the router connected to the outside interface of the PIX didn't show these UDP packets coming in.
Normally UDP port 500 is used for the IKE protocol. Could it be that the PIX has problems when UDP pings are sent to the same dest. port?
Please find below the config of my PIX; any help is very welcome.
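The 302015/302016 messages quoted above can be parsed mechanically to see who actually initiated each flow, which flows touch UDP/500, and which builds or teardowns have no counterpart in the excerpt. The script below is an added example, not part of the original post and not a Cisco tool; its sample input is the four log lines quoted above, joined onto single lines, and it assumes (as those lines show) that the PIX lists the lower-security out_ interface first whether the connection is inbound or outbound. The names `analyze`, `endpoints` and `IKE_PORT` are the example's own.

```python
"""Parse PIX/ASA 302015 (Built) and 302016 (Teardown) UDP connection syslog
messages and recover the real initiator of each flow.

Added example, not from the original post. The sample lines below are the
ones quoted in the post, joined onto single lines; everything else is an
assumption made for illustration.
"""
import re

# Constructed sample input: the four syslog entries quoted in the post.
SAMPLE_LOG = """\
302015: Built outbound UDP connection 44476 for out_RTRC1:10.30.32.6/500 (10.30.32.6/500) to in_SGRC1:10.30.19.1/501 (10.30.19.1/501)
302015: Built outbound UDP connection 44483 for out_RTRC1:10.30.32.10/500 (10.30.32.10/500) to in_SGRC1:10.30.19.1/501 (10.30.19.1/501)
302016: Teardown UDP connection 44374 for out_RTRC1:10.30.32.26/500 to in_SGRC1:10.30.19.1/500 duration 0:33:58 bytes 28996
302015: Built inbound UDP connection 44457 for out_RTRC1:10.30.32.26/500 (10.30.32.26/500) to in_SGRC1:10.30.19.1/500 (10.30.19.1/500)
"""

IKE_PORT = 500  # ISAKMP/IKE, the port the post's UDP pings collide with

# interface:ip/port, with a name prefix so the same fragment can be reused twice
_ENDPOINT = r"(?P<{n}if>\S+):(?P<{n}ip>[\d.]+)/(?P<{n}port>\d+)"
_BUILT = re.compile(
    r"^302015: Built (?P<direction>inbound|outbound) UDP connection (?P<conn>\d+) for "
    + _ENDPOINT.format(n="a") + r" \([\d.]+/\d+\) to "
    + _ENDPOINT.format(n="b") + r" \([\d.]+/\d+\)$"
)
_TEARDOWN = re.compile(
    r"^302016: Teardown UDP connection (?P<conn>\d+) for "
    + _ENDPOINT.format(n="a") + r" to " + _ENDPOINT.format(n="b")
    + r" duration (?P<duration>\d+:\d{2}:\d{2}) bytes (?P<bytes>\d+)$"
)


def duration_seconds(text: str) -> int:
    """Convert the h:mm:ss duration field of a teardown message to seconds."""
    h, m, s = (int(x) for x in text.split(":"))
    return h * 3600 + m * 60 + s


def parse_line(line: str):
    """Return a dict for a 302015/302016 line, or None for anything else."""
    m = _BUILT.match(line.strip())
    if m:
        d = m.groupdict()
        return {
            "msg": "302015",
            "conn": int(d["conn"]),
            "direction": d["direction"],
            "first": (d["aif"], d["aip"], int(d["aport"])),
            "second": (d["bif"], d["bip"], int(d["bport"])),
        }
    m = _TEARDOWN.match(line.strip())
    if m:
        d = m.groupdict()
        return {
            "msg": "302016",
            "conn": int(d["conn"]),
            "first": (d["aif"], d["aip"], int(d["aport"])),
            "second": (d["bif"], d["bip"], int(d["bport"])),
            "duration_s": duration_seconds(d["duration"]),
            "bytes": int(d["bytes"]),
        }
    return None


def endpoints(built):
    """Return (initiator, responder) for a Built message.

    Assumption taken from the quoted lines: the lower-security (out_) side is
    listed first whether the connection is inbound or outbound, so the
    direction keyword, not the order, says who sent the first packet. An
    outbound connection is started by the second (inside) endpoint, an
    inbound one by the first.
    """
    if built["direction"] == "outbound":
        return built["second"], built["first"]
    return built["first"], built["second"]


def analyze(log_text: str) -> dict:
    """Summarise flows: initiator, whether UDP/500 is involved, and which
    builds and teardowns have no counterpart in the excerpt."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    builds = {e["conn"]: e for e in events if e["msg"] == "302015"}
    teardowns = {e["conn"]: e for e in events if e["msg"] == "302016"}
    flows = []
    for conn, e in builds.items():
        src, dst = endpoints(e)
        flows.append({
            "conn": conn,
            "direction": e["direction"],
            "src": src,
            "dst": dst,
            "ike_port": IKE_PORT in (src[2], dst[2]),
            "torn_down": conn in teardowns,
        })
    return {
        "flows": flows,
        "orphan_teardowns": sorted(c for c in teardowns if c not in builds),
    }


if __name__ == "__main__":
    for flow in analyze(SAMPLE_LOG)["flows"]:
        print(flow)
```

Run against the quoted lines, the two outbound entries resolve to initiator 10.30.19.1/501 on in_SGRC1 and responder port 500 on out_RTRC1, i.e. the PIX did build a connection for each outbound ping, so a drop is not recorded in these lines themselves; teardown 44374 has no build in the excerpt, which only means its build was logged earlier. The useful follow-up check is a longer capture: a flow that is built but never torn down, or torn down with a byte count equal to the size of the outgoing packets alone, is the signature of a one-way flow.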
Starting from your basic config, I can see int e1, e4 and e5 are shut down, so I won't comment about those. But why have you chosen to give your int e2 and e3 the same security level of 20? It defeats the whole principle behind the ASA and, to my knowledge, is not a supported config.