Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

*** Site-to-site VPN... ERROR: IkeReceiverInit, unable to bind to port ***

ASA 5510 version 8.4(3)9 with ASDM 6.4(7)

Hello -

I used the ASDM's site-to-site VPN wizard to create all settings per specs given to me by the partner end.  The wizard created all settings and pushed them successfully, except for the very last command where it binds the IPsec crypto map to the outside interface.

I followed the common troubleshooting suggestions, such as clearing the xlate table to prevent other apps from occupying the ports via PAT before the tunnel is being negotiated, but to no avail:


medusa5# clear xlate

INFO: 19 xlates deleted

medusa5# conf t

medusa5(config)# crypto isakmp enable e0-public-ECOMM

ERROR: IkeReceiverInit, unable to bind to port

medusa5(config)#

Any ideas where to look next?  Your help is much appreciated.

Matthias


Everyone's tags (5)
4 REPLIES
New Member

*** Site-to-site VPN... ERROR: IkeReceiverInit, unable to bind

Hi Matthias,

Double check that you don't have a nat rule that matches UDP 500 or 4500.

Else you could possibley hit CSCsy69368.

Uwe

New Member

*** Site-to-site VPN... ERROR: IkeReceiverInit, unable to bind

Hello Uwe -

Thanks a lot for the tip.

In fact, I do have rules involving UDP 500 but these are access rules on my internal interface to control outbound traffic (I have multiple external interfaces going to different organizations, and I need to restrict which internal clients can have access to which location with what specific services).

So, does an ACL on an inside interface containing a rule allowing specific 500/udp traffic affect my ability to bind an IPsec crypto map to an outside interface then?

Matthias

New Member

*** Site-to-site VPN... ERROR: IkeReceiverInit, unable to bind

Hello -

As can be seen in the configuration I posted with the original message, I did have a few outbound ACLs applied to the inside interface that contained udp/500 settings.  I replaced all references to udp/500 with "ip" for testing purposes and cleared the translation table again - still no luck.  Same error message as before.  What could be wrong?

Thanks,

Matthias

New Member

*** Site-to-site VPN... ERROR: IkeReceiverInit, unable to bind

Hi Matthias,

Could you unicast me your show tech please?

Also send me 'show asp table socket' output.

Thanks,

Uwe

2753
Views
0
Helpful
4
Replies
CreatePlease to create content