10-15-2008 01:52 PM - edited 03-11-2019 06:57 AM
Hi There
I get the following log message when I try to connect to my ASA 5520 running 8.0(3) with VPN Client 5.0.03.0560:
%ASA-7-710005: TCP request discarded from ...
I have no problems when I connect via UDP; then everything runs smoothly. Do any of you have any idea how this occurs?
Many thanks in advance.
Jesper Damsgaard, Bankdata, Denmark
10-15-2008 02:41 PM
I've pulled this message; sometimes these are helpful in giving clues.
710005
Error Message: %PIX|ASA-7-710005: {TCP|UDP} request discarded from source_address/source_port to interface_name:dest_address/service
Explanation: This message appears when the security appliance does not have a UDP server that services the UDP request. The message can also indicate a TCP packet that does not belong to any session on the security appliance. In addition, this message appears (with the service snmp) when the security appliance receives an SNMP request with an empty payload, even if it is from an authorized host. When the service is snmp, this message occurs a maximum of 1 time every 10 seconds so that the log receiver is not overwhelmed.
One thing I can think of:
It is possible that, in your VPN client connection profile Transport tab, you have IPsec over UDP (NAT/PAT) with Enable Transparent Tunneling, which is actually the default.
When you select IPsec over TCP port 10000 in the client and the ASA is not set up for IPsec over TCP, I believe this is the error you are getting in that message. The ASA is not set up for IPsec over TCP port 10000; to do that on the ASA you need:
asa(config)#crypto isakmp ipsec-over-tcp port 10000
Then you can select IPsec over TCP 10000 in the VPN client connection profile Transport tab and try connecting using this transport.
Hopefully this could be your problem
HTH
Jorge
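As an added example (not part of the original posts, and not Cisco code), this sketch parses 710005 lines using the message format quoted above and lists sources whose TCP discards target port 10000, the pattern Jorge attributes to a client trying IPsec over TCP against an ASA that has not enabled it. The sample log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Field layout follows the 710005 format quoted in the thread:
# {TCP|UDP} request discarded from source_address/source_port
#   to interface_name:dest_address/service
MSG_710005 = re.compile(
    r"%(?:PIX|ASA)-7-710005: (?P<proto>TCP|UDP) request discarded from "
    r"(?P<src>[^/\s]+)/(?P<sport>\S+) to "
    r"(?P<ifname>[^:\s]+):(?P<dst>[^/\s]+)/(?P<service>\S+)"
)

IPSEC_OVER_TCP_PORT = "10000"  # port discussed in the thread


def parse_710005(line):
    """Return the message fields as a dict, or None for any other line."""
    m = MSG_710005.search(line)
    return m.groupdict() if m else None


def triage(lines, port=IPSEC_OVER_TCP_PORT):
    """Count discards per (proto, interface, service) and tally the sources
    whose TCP discards hit the IPsec-over-TCP port."""
    counts, suspects = Counter(), Counter()
    for line in lines:
        rec = parse_710005(line)
        if rec is None:
            continue  # not a 710005 message
        counts[(rec["proto"], rec["ifname"], rec["service"])] += 1
        if rec["proto"] == "TCP" and rec["service"] == port:
            suspects[rec["src"]] += 1
    return counts, suspects


# Constructed sample input (documentation address ranges, not real logs).
SAMPLE = [
    "Oct 15 2008 13:50:01: %ASA-7-710005: TCP request discarded from 198.51.100.20/1045 to outside:203.0.113.1/10000",
    "Oct 15 2008 13:50:04: %ASA-7-710005: TCP request discarded from 198.51.100.20/1045 to outside:203.0.113.1/10000",
    "Oct 15 2008 13:51:10: %ASA-7-710005: UDP request discarded from 192.0.2.7/137 to inside:192.0.2.255/netbios-ns",
    "Oct 15 2008 13:52:00: unrelated syslog line (constructed)",
]

if __name__ == "__main__":
    counts, suspects = triage(SAMPLE)
    for key, n in counts.most_common():
        print(n, *key)
    for src, n in suspects.items():
        print(f"{src}: {n} TCP/{IPSEC_OVER_TCP_PORT} discards; check the ipsec-over-tcp setting")
```

Repeated TCP/10000 discards from a known VPN user's address point to the transport mismatch described in this thread, while the same pattern from unknown sources is more likely unsolicited probing and needs no configuration change.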
10-15-2008 02:30 PM
Just a little bit more information:
sysopt connection permit-vpn
is configured on the ASA.
Jesper
10-20-2008 03:01 AM
Hi Jorge
Yes, you were absolutely right; after entering the command as outlined, the communication works.
I would like to thank you for your time and effort in resolving this issue for me.
I will write to Cisco, so that they will include this information in the documentation where they describe how this is set up:
http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml