Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SA520W Site to Site VPN UDP 5093 traffic

I am having an issue running a network application that uses UDP 5093 to access a license server over an IPSec site to site VPN. I have disabled both the Windows and Anti-Virus firewalls on both sides of the connection. Using Wireshark I can see that the client is sending the request but the server side is not receiving it. Would the SA520W firewall be blocking this port?

4 REPLIES
New Member

SA520W Site to Site VPN UDP 5093 traffic

I performed some additional tests using both a Cisco VPN client connection and SSL VPN Portal into the router where the license server exists.

When using the VPN client connection, I get the same behavior as the remote client going through the Site-to-Site tunnel. The application times out and displays a message about making sure that UDP port 5093 being open on the firewall.

When using the Cisco SSL VPN portal, I am able to successfully launch the network licensed application.

How do I get this to work over the IPSec tunnels? Both the remote and local site have SA520W's with the 2.1.18 firmware.

New Member

SA520W Site to Site VPN UDP 5093 traffic

I created a firewall rule on the SA520W that the license server sits behind that opens UDP port 5093 to the WAN IP Address (NAT to license server IP address). If I edit the application settings on the remote client to point to the remote WAN IP Address, the application launches successfully and pulls a license from the server. Still puzzled about this not working through the IPSec tunnel.

Cisco Employee

SA520W Site to Site VPN UDP 5093 traffic

Hi Doug,

Have you tried upgrading to the latest MR, and testing if you see the same behavior?

If you don't mind me asking, is the application/server you are trying to reach a QuickTest Pro License Manager or another?

If you are still seeing the issue, the development team would like to obtain the debuglog from your SA500 to determine the cause of requests not reaching server.

To obtain the debuglog from your SA500, please enter the following URL after you logged in to your SA500:

https://ip_address_of_sa500/scgi-bin/dbglog.cgi

I have sent you a Private message with my email address where you can send me the debuglog.  Please note that the file will contains passwords, so please  remove/change them before sending the file.

Best regards,

Julio

New Member

SA520W Site to Site VPN UDP 5093 traffic

Hello Julio,

We are running the 2.1.51 firmware on the SA520W now and the application server is running the Sentinel RMS License Manager. I will need to enable the logging and run some tests again.

Regards,

Doug

1969
Views
0
Helpful
4
Replies
CreatePlease login to create content