I think I posted this in the wrong forum initially. I hope I have better luck here.
I'm attempting to implement DMVPN between a 2621 (12.3(26); spoke) and a 3640 (12.4(23); hub) over the Internet. I'm currently seeing an issue: when the 2621 initiates the ISAKMP SA, the 3640 receives the correct packet, but the wrong sport is indicated.
received packet from X.X.X.X dport 500 sport 1 Global (R) MM_SA_SETUP
sending packet to X.X.X.X my_port 500 peer_port 1 (R) MM_SA_SETUP
The 2621 is specifying a dport of 500 with a sport of 500 in the debug output. The 3640 continues with the next few steps of the ISAKMP negotiation, but sends the reply back to the 2621 on port 1 instead of port 500.
Has anyone seen this and/or can assist with this? I've looked around a bit and I've not found another similar instance of this issue. Any assistance is appreciated. Thank you.
Re: IKE Phase 1 not completing due to changed port
Hmm... Very odd, but apparently a reboot and a day give it enough time to allow this to correct itself. I'd like to say that it has something to do with the NAT-T ACL line I added, but I don't see any hits for it. So, it's working now, but I'm sorry I don't have a more technical answer as to why or exactly how the issue was resolved. Thank you.
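An added example, not part of either post and not Cisco code: a Python filter for ISAKMP debug output that reports peers whose UDP port is neither 500 nor 4500 (NAT-T), which is the symptom described in this thread. It assumes the field layout of the two debug lines quoted in the question; the function names, the `ISAKMP ...:` line prefixes and the sample addresses are constructed.

```python
import re
from collections import defaultdict

IKE_PORTS = {500, 4500}  # UDP 500 (IKE) and UDP 4500 (IKE/ESP over NAT-T)

# Field layout taken from the two debug lines quoted in the post.
RECV = re.compile(r"received packet from (\S+) dport (\d+) sport (\d+).*?\((\w)\)\s+(\S+)")
SEND = re.compile(r"sending packet to (\S+) my_port (\d+) peer_port (\d+).*?\((\w)\)\s+(\S+)")

def parse_line(line):
    """Parse one ISAKMP packet debug line; return None for anything else."""
    for direction, pattern in (("recv", RECV), ("send", SEND)):
        m = pattern.search(line)
        if m:
            peer, local_port, peer_port, role, state = m.groups()
            return {"dir": direction, "peer": peer, "local_port": int(local_port),
                    "peer_port": int(peer_port), "role": role, "state": state}
    return None

def unexpected_peer_ports(lines):
    """Map each peer to the sorted non-IKE UDP ports seen for it."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["peer_port"] not in IKE_PORTS:
            seen[rec["peer"]].add(rec["peer_port"])
    return {peer: sorted(ports) for peer, ports in seen.items()}

# Constructed sample: documentation addresses, not output from the poster's routers.
SAMPLE = """\
ISAKMP (0:0): received packet from 192.0.2.10 dport 500 sport 1 Global (R) MM_SA_SETUP
ISAKMP:(0:1:SW:1): sending packet to 192.0.2.10 my_port 500 peer_port 1 (R) MM_SA_SETUP
ISAKMP (0:0): received packet from 198.51.100.7 dport 500 sport 500 Global (R) MM_SA_SETUP
ISAKMP:(0:2:SW:1): sending packet to 198.51.100.7 my_port 4500 peer_port 4500 (R) MM_KEY_EXCH
ISAKMP:(0:2:SW:1): processing KE payload. message ID = 0
""".splitlines()

if __name__ == "__main__":
    for peer, ports in unexpected_peer_ports(SAMPLE).items():
        print(f"{peer}: peer UDP port(s) {ports} outside {sorted(IKE_PORTS)}")
```

A source port rewritten by a NAT/PAT device in the path will also show up here, so a hit is a starting point for checking the path between spoke and hub rather than a verdict.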
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: