

IPSec Clients with 0 traffic

Yes I am aware that IPSec client is no longer supported, hence I'm here. I have remote lab instruments that are still using IPSec.


The condition I'm having is this - some, most, connect just fine. They are connecting via UDP 10000 (IPSec over UDP) and I've confirmed the distant end is allowing that.


What I'm seeing is this:


On devices that connect fine:


 local crypto endpt.:, remote crypto endpt.: x.x.x.x/10000


On devices that do not:


local crypto endpt.:, remote crypto endpt.: x.x.x.x/0


Remote crypto endpt has a port of 0?


I've verified that the devices are landing on the same crypto map, same tunnel-group, same group-policy, etc, etc.



Yes, my firewall is behind a NAT - yes I know I should be using NAT-T. No I cannot for some reason since enabling NAT-T breaks over half our site to site tunnels... Usually around 75 of them.


Any thoughts?


