
New Member

VPN-Client V5 uses other Port than UDP 500 for isakmp

We have an ASA 5540 with SW Ver. 7.2(2).

If I try to connect with VPN-Client 4.8, it will work. But with VPN-Client 5 it doesn't work.

After capturing the initial packets from the client, I see only one difference. VPNC V4.8 used UDP 500 (isakmp) as source port, while VPNC V5 used port UDP 1501.

In the ASA Logfile I see the following message:

7 Nov 05 2007 10:47:03 710005 172.30.225.253 vpn-oedatdos UDP request discarded from 172.30.225.253/1756 to Oedatdos:vpn-oedatdos/500

As explanation I get the following text:

This message appears when the security appliance does not have a UDP server that services the UDP request.

Is this a configuration problem in the ASA, or must I upgrade to SW Ver 8.0(2)?

Thanks

Michael

3 REPLIES
Silver

Re: VPN-Client V5 uses other Port than UDP 500 for isakmp

Make sure that port number 1501 is not blocked in the path between the client and the server. If the port is not blocked, you can upgrade the client software to version 8.0(2).

New Member

Re: VPN-Client V5 uses other Port than UDP 500 for isakmp

Port 1501 is not blocked. But we have no entry for this port in the Access Rules on the ASA. Can this be the problem?

In the meantime, I have upgraded the ASA to software version 8.0(3). The problem is the same as before.

Michael

Bronze

Re: VPN-Client V5 uses other Port than UDP 500 for isakmp

This is the source port of the connection. It does not matter; it can be any port. As you can see, the destination port is correct: it's 500.

When you mark the box "allow ipsec traffic to passthrough access list", it allows all needed ports.

Maybe you need to enable NAT-T on it.
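
Added example, not part of the original thread: a small parser for the 710005 "request discarded" message quoted in the question. It separates the client's source port from the destination port and counts discards aimed at the IKE ports. The first sample line is the one from the question; the other two, and the function names, are constructed for illustration.

```python
import re
from collections import Counter

# Message body of ASA syslog 710005, as it appears in the log line in the question.
DISCARD_RE = re.compile(
    r"(?P<proto>TCP|UDP) request discarded from "
    r"(?P<src>\S+)/(?P<sport>\d+) to "
    r"(?P<ifc>[^:\s]+):(?P<dst>\S+)/(?P<dport>\d+)"
)

# Destination ports an IPsec remote-access client talks to on the head end.
IKE_PORTS = {500: "ISAKMP/IKE", 4500: "IKE NAT-T"}


def parse_discard(line):
    """Return the fields of a 710005 discard message, or None if no match."""
    m = DISCARD_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def ike_discards(lines):
    """Count discarded IKE requests per (interface, destination port).

    Only the destination port is inspected; the client's source port is
    ephemeral and says nothing about which service was requested.
    """
    hits = Counter()
    for line in lines:
        rec = parse_discard(line)
        if rec and rec["proto"] == "UDP" and rec["dport"] in IKE_PORTS:
            hits[(rec["ifc"], rec["dport"])] += 1
    return hits


# First line is the one quoted in the question; the others are constructed.
SAMPLE = [
    "7 Nov 05 2007 10:47:03 710005 172.30.225.253 vpn-oedatdos UDP request discarded from 172.30.225.253/1756 to Oedatdos:vpn-oedatdos/500",
    "7 Nov 05 2007 10:47:08 710005 172.30.225.253 vpn-oedatdos UDP request discarded from 172.30.225.253/1756 to Oedatdos:vpn-oedatdos/500",
    "7 Nov 05 2007 10:48:11 710005 192.0.2.10 vpn-oedatdos UDP request discarded from 192.0.2.10/137 to Oedatdos:vpn-oedatdos/137",
]

if __name__ == "__main__":
    for (ifc, dport), n in ike_discards(SAMPLE).items():
        print(f"{n} {IKE_PORTS[dport]} request(s) to UDP/{dport} discarded on interface {ifc}")
```

The regular expression assumes IPv4 addresses or host names; an IPv6 address containing colons would need a different split between interface and destination.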
