Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

VPN Client UDP Ports

Our VPN 3005 router is allowing ISAKMP connections from clients when the client connection is UDP port 500 to UDP port 500. However, some remote clients seem to be trying UDP port XXX to UPD port 500 connections and these are being rejected.

Any thoughts why a client would attempt an ISAKMP connection with a source port that is not UDP 500?

2 REPLIES
Gold

Re: VPN Client UDP Ports

Their vpn clients are behind some sort of NAT/PAT device. Make sure you have enabled NAT-T on your vpn3005.

New Member

Re: VPN Client UDP Ports

I am seeing the same thing. Only it is with the Cisco 5.x IPSec Client. It connects with an ephemeral source and a dest of UDP:500. This is wreaking havoc on our ACL's.

Anyone know how to disable this behavior in the client?

591
Views
0
Helpful
2
Replies
CreatePlease to create content