Cisco Support Community
New Member

VPN ipsec and port 500

 

Hi Everyone,

 

I connected to a VPN IPsec RA connection.

The connection works fine.

Here is the setup:

 

PC---R1----R2--R3--------------ISP----------------ASA

I checked on R3.

R3 CBAC is configured.

 

R3#         sh ip inspect sessions | inc 96.51.x.x
 Session 65719DB4 (192.168.98.6:59936)=>(96.51.x.x:4500) udp SIS_OPEN

When the IPsec VPN connection is established, it only shows that it is connected on port 4500, not 500?

Is this default behaviour?

Initially, when it was establishing the VPN connection, it was showing both UDP 500 and 4500 ports.

 

Regards

MAhesh

 

 

 

4 REPLIES
New Member

There is NAT/PAT in between R3 and the ASA, as you use a private IP address (192.168.98.6) to set up the IPsec session. IKE will detect that NAT/PAT exists by the NAT-D payload. IKE will use UDP 4500 to negotiate ISAKMP rather than UDP 500. Afterwards, ESP traffic is also encapsulated in UDP 4500; in this way it can traverse NAT/PAT safely.

So this behavior is expected.

New Member

Hi David_che

Thanks for the reply.

If you can explain in detail that will be much appreciated.

Regards

MAhesh

New Member

You can refer to this RFC for more details: UDP Encapsulation of IPsec ESP Packets

http://www.ietf.org/rfc/rfc3948.txt.pdf
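
Added example (not part of the original thread and not Cisco code): a Python sketch of the two mechanisms the answers above point to, the RFC 3947 NAT-D hash comparison that tells IKE a NAT is in the path, and the RFC 3948 rules for telling IKE, ESP and NAT keepalives apart once everything shares UDP 4500. SHA-1 as the negotiated hash, the cookie values and the translated address 203.0.113.10:1024 are constructed assumptions; only 192.168.98.6 comes from the thread.

```python
import hashlib
import socket
import struct

NON_ESP_MARKER = b"\x00" * 4  # RFC 3948: four zero bytes precede IKE on UDP 4500


def nat_d_hash(cky_i, cky_r, ip, port, hash_name="sha1"):
    """RFC 3947 NAT-D value: HASH(CKY-I | CKY-R | IP | Port)."""
    data = cky_i + cky_r + socket.inet_aton(ip) + struct.pack("!H", port)
    return hashlib.new(hash_name, data).digest()


def nat_detected(cky_i, cky_r, received_nat_d, seen_ip, seen_port):
    """Simplified check: the sender hashed its own source address; the
    receiver re-hashes the source it sees on the wire. A mismatch means
    a NAT/PAT device rewrote the packet, so IKE moves to UDP 4500."""
    return nat_d_hash(cky_i, cky_r, seen_ip, seen_port) != received_nat_d


def classify_udp4500(payload):
    """Demultiplex one UDP/4500 payload the way RFC 3948 describes."""
    if payload == b"\xff":
        return "nat-keepalive"          # single 0xFF byte keeps the NAT mapping alive
    if len(payload) > 4 and payload[:4] == NON_ESP_MARKER:
        return "ike"                    # ISAKMP header follows the marker
    if len(payload) > 8:                # SPI (4) + sequence (4) + encrypted data
        spi = struct.unpack("!I", payload[:4])[0]
        return "esp spi=0x%08x" % spi   # non-zero SPI, so not the marker
    return "malformed"


def demo():
    # Constructed sample values, not captured traffic.
    cky_i, cky_r = bytes(range(8)), bytes(range(8, 16))
    sent = nat_d_hash(cky_i, cky_r, "192.168.98.6", 500)   # client's own view
    behind_nat = nat_detected(cky_i, cky_r, sent, "203.0.113.10", 1024)
    packets = [
        b"\xff",
        NON_ESP_MARKER + bytes(28),
        struct.pack("!II", 0x1234ABCD, 1) + bytes(16),
    ]
    return behind_nat, [classify_udp4500(p) for p in packets]


if __name__ == "__main__":
    print(demo())
```
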

 

 

New Member

Thanks David

MAhesh
