Solved: IkeReceiverInit, unable to bind to port

Steven Williams · ‎01-16-2014

IkeReceiverInit, unable to bind to port

I cannot enable IKE v1 on the outside interface

How do I fix this?

Itzcoatl Espinosa · ‎01-16-2014

That ip address should not be using those ports. Could you try the following

1. clear local-host x.x.x.x

2. Remove and re apply the nat statement which is causing this

regards,

View solution in original post

Itzcoatl Espinosa · ‎01-16-2014

Hi Steven,

Mainly, this is caused by misconfiguration, meaning, the Interface where Isakmp is binded, has already a NAT statement that will forward the packet to another destination for port 500, normally caused by a PAT statement.

The quick way to find this is out is using the following command along with the following string:

msgasa1(config)# sh xlate | inc 500

The solution is the clear the current Xlate that is using the port 500

1 clear xlate local x.x.x.x lport

2. Run again the command Isakmp enable outside.

I hope it helps,

regards,

Itzcoatl

Itzcoatl Espinosa · ‎01-16-2014

Steven,

Please do not forget to rate the answer if it helped you to solve your issue.

regards,

Itzcoatl

Steven Williams · ‎01-16-2014

the IP address keeps grabbing port 4500 and 500...how can i exclude these from the PAT?

Itzcoatl Espinosa · ‎01-16-2014

That ip address should not be using those ports. Could you try the following

1. clear local-host x.x.x.x

2. Remove and re apply the nat statement which is causing this

regards,

Steven Williams · ‎01-16-2014

Should I exclude these ports from the overall PAT statement somehow?

How do I know that after i enable it a client wont use those ports again??

Itzcoatl Espinosa · ‎01-16-2014

Hi Steven,

Unfortunately there is no way to exclude those ports. After clearing the xlate and applying the crypto map the issue should be resolved.

For my experience those issues do not come back.

regards,

Itzcoatl