ASA 5510 version 8.4(3)9 with ASDM 6.4(7)
I used the ASDM's site-to-site VPN wizard to create all settings per specs given to me by the partner end. The wizard created all settings and pushed them successfully, except for the very last command where it binds the IPsec crypto map to the outside interface.
I followed the common troubleshooting suggestions, such as clearing the xlate table to prevent other apps from occupying the ports via PAT before the tunnel is negotiated, but to no avail:
medusa5# clear xlate
INFO: 19 xlates deleted
medusa5# conf t
medusa5(config)# crypto isakmp enable e0-public-ECOMM
ERROR: IkeReceiverInit, unable to bind to port
Any ideas where to look next? Your help is much appreciated.
Double check that you don't have a nat rule that matches UDP 500 or 4500.
Else you could possibly hit CSCsy69368.
Hello Uwe -
Thanks a lot for the tip.
In fact, I do have rules involving UDP 500 but these are access rules on my internal interface to control outbound traffic (I have multiple external interfaces going to different organizations, and I need to restrict which internal clients can have access to which location with what specific services).
So, does an ACL on an inside interface containing a rule allowing specific 500/udp traffic affect my ability to bind an IPsec crypto map to an outside interface then?
As can be seen in the configuration I posted with the original message, I did have a few outbound ACLs applied to the inside interface that contained udp/500 settings. I replaced all references to udp/500 with "ip" for testing purposes and cleared the translation table again - still no luck. Same error message as before. What could be wrong?
Could you unicast me your show tech please?
Also send me 'show asp table socket' output.