01-16-2014 07:47 AM
IkeReceiverInit, unable to bind to port
I cannot enable IKE v1 on the outside interface
How do I fix this?
Solved! Go to Solution.
01-16-2014 08:02 AM
That ip address should not be using those ports. Could you try the following
1. clear local-host x.x.x.x
2. Remove and re apply the nat statement which is causing this
regards,
01-16-2014 07:50 AM
Hi Steven,
Mainly, this is caused by misconfiguration, meaning, the Interface where Isakmp is binded, has already a NAT statement that will forward the packet to another destination for port 500, normally caused by a PAT statement.
The quick way to find this is out is using the following command along with the following string:
msgasa1(config)# sh xlate | inc 500
The solution is the clear the current Xlate that is using the port 500
1 clear xlate local x.x.x.x lport
2. Run again the command Isakmp enable outside.
I hope it helps,
regards,
Itzcoatl
01-16-2014 07:51 AM
Steven,
Please do not forget to rate the answer if it helped you to solve your issue.
regards,
Itzcoatl
01-16-2014 07:55 AM
the IP address keeps grabbing port 4500 and 500...how can i exclude these from the PAT?
01-16-2014 08:02 AM
That ip address should not be using those ports. Could you try the following
1. clear local-host x.x.x.x
2. Remove and re apply the nat statement which is causing this
regards,
01-16-2014 08:58 AM
Should I exclude these ports from the overall PAT statement somehow?
How do I know that after i enable it a client wont use those ports again??
01-16-2014 09:27 AM
Hi Steven,
Unfortunately there is no way to exclude those ports. After clearing the xlate and applying the crypto map the issue should be resolved.
For my experience those issues do not come back.
regards,
Itzcoatl
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: