
IPSec Clients with 0 traffic

Yes I am aware that IPSec client is no longer supported, hence I'm here. I have remote lab instruments that are still using IPSec.

 

The condition I'm having is this - some, most, connect just fine. They are connecting via UDP 10000 (IPSec over UDP) and I've confirmed the distant end is allowing that.

 

What I'm seeing is this:

 

On devices that connect fine:

 

 local crypto endpt.: 10.35.10.200/10000, remote crypto endpt.: x.x.x.x/10000

 

On devices that do not:

 

local crypto endpt.: 10.35.10.200/10000, remote crypto endpt.: x.x.x.x/0

 

Remote crypto endpt has a port of 0?

 

I've verified that the devices are landing on the same crypto map, same tunnel-group, same group-policy, etc, etc.

 

 

Yes, my firewall is behind a NAT - yes I know I should be using NAT-T. No I cannot for some reason since enabling NAT-T breaks over half our site to site tunnels... Usually around 75 of them.

 

Any thoughts?

 

 
