837 RA IPSec VPN client can not connect from internet

bluesteel
Level 1
I have a Cisco 837 acting as an IPsec RA VPN server. VPN clients can connect successfully locally from the LAN.

When connecting from the internet I connect to the 837 tep but tunnel negotiation fails.

The only differences from an internal LAN connection are:

1. Connecting from the internet through an iPhone hotspot

2. Client requests sourced from the internet come through the TalkTalk home router's outside WAN interface

I have allowed udp_500 and udp_4500 to the 837 VPN tep through the TalkTalk router. They connect and start negotiating but negotiation fails.

Does anybody know why?

837> debug crypto isakmp


2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2459: May 10 20:17:18.634: ISAKMP (0:0): received packet from 213.205.192.234 dport 500 sport 33052 Global (N) NEW SA
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2460: May 10 20:17:18.638: ISAKMP: Created a peer struct for 213.205.192.234, peer port 33052
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2461: May 10 20:17:18.638: ISAKMP: Locking peer struct 0x81CEA304, IKE refcount 1 for crypto_isakmp_process_block
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2462: May 10 20:17:18.638: ISAKMP:(0:0:N/A:0):Setting client config settings 81C7D978
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2463: May 10 20:17:18.638: ISAKMP:(0:0:N/A:0):(Re)Setting client xauth list and state
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2464: May 10 20:17:18.638: ISAKMP/xauth: initializing AAA request
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2465: May 10 20:17:18.642: ISAKMP: local port 500, remote port 33052
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2466: May 10 20:17:18.642: insert sa successfully sa = 81CED728
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2467: May 10 20:17:18.642: ISAKMP:(0:1:HW:2): processing SA payload. message ID = 0
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2468: May 10 20:17:18.646: ISAKMP:(0:1:HW:2): processing ID payload. message ID = 0
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2469: May 10 20:17:18.646: ISAKMP (0:268435457): ID payload
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2470: next-payload : 13
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2471: type : 11
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2472: group id : cisco
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2473: protocol : 0
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2474: port : 0
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2475: length : 13
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2476: May 10 20:17:18.646: ISAKMP:(0:1:HW:2):: peer matches *none* of the profiles
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2477: May 10 20:17:18.646: ISAKMP:(0:1:HW:2): processing vendor id payload
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2478: May 10 20:17:18.646: ISAKMP:(0:1:HW:2): vendor ID seems Unity/DPD but major 21 mismatch
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2479: May 10 20:17:18.646: ISAKMP:(0:1:HW:2): vendor ID is XAUTH
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2480: May 10 20:17:18.646: ISAKMP:(0:1:HW:2): processing vendor id payload
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2481: May 10 20:17:18.650: ISAKMP:(0:1:HW:2): vendor ID seems Unity/DPD but major 221 mismatch
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2482: May 10 20:17:18.650: ISAKMP:(0:1:HW:2): processing vendor id payload
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2483: May 10 20:17:18.650: ISAKMP:(0:1:HW:2): vendor ID seems Unity/DPD but major 168 mismatch
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2484: May 10 20:17:18.650: ISAKMP:(0:1:HW:2): processing vendor id payload
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2485: May 10 20:17:18.650: ISAKMP:(0:1:HW:2): vendor ID seems Unity/DPD but major 123 mismatch
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2486: May 10 20:17:18.650: ISAKMP:(0:1:HW:2): vendor ID is NAT-T v2
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2487: May 10 20:17:18.650: ISAKMP:(0:1:HW:2): processing vendor id payload
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2488: May 10 20:17:18.650: ISAKMP:(0:1:HW:2): vendor ID seems Unity/DPD but major 157 mismatch
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2489: May 10 20:17:18.654: ISAKMP:(0:1:HW:2): vendor ID is NAT-T v3
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2490: May 10 20:17:18.654: ISAKMP:(0:1:HW:2): processing vendor id payload
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2491: May 10 20:17:18.654: ISAKMP:(0:1:HW:2): vendor ID seems Unity/DPD but major 69 mismatch
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2492: May 10 20:17:18.654: ISAKMP:(0:1:HW:2): processing vendor id payload
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2493: May 10 20:17:18.654: ISAKMP:(0:1:HW:2): vendor ID seems Unity/DPD but major 194 mismatch
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2494: May 10 20:17:18.654: ISAKMP:(0:1:HW:2): processing vendor id payload
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2495: May 10 20:17:18.654: ISAKMP:(0:1:HW:2): vendor ID is DPD
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2496: May 10 20:17:18.658: ISAKMP:(0:1:HW:2): processing vendor id payload
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2497: May 10 20:17:18.658: ISAKMP:(0:1:HW:2): vendor ID seems Unity/DPD but major 12 mismatch
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2498: May 10 20:17:18.658: ISAKMP:(0:1:HW:2): processing vendor id payload
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2499: May 10 20:17:18.658: ISAKMP:(0:1:HW:2): vendor ID seems Unity/DPD but major 237 mismatch
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2500: May 10 20:17:18.658: ISAKMP:(0:1:HW:2): processing vendor id payload
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2501: May 10 20:17:18.658: ISAKMP:(0:1:HW:2): vendor ID seems Unity/DPD but major 19 mismatch
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2502: May 10 20:17:18.658: ISAKMP:(0:1:HW:2): processing vendor id payload
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2503: May 10 20:17:18.658: ISAKMP:(0:1:HW:2): vendor ID seems Unity/DPD but major 83 mismatch
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2504: May 10 20:17:18.662: ISAKMP:(0:1:HW:2): processing vendor id payload
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2505: May 10 20:17:18.662: ISAKMP:(0:1:HW:2): vendor ID is Unity
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2506: May 10 20:17:18.662: ISAKMP:(0:1:HW:2): Authentication by xauth preshared
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2507: May 10 20:17:18.662: ISAKMP:(0:1:HW:2):Checking ISAKMP transform 1 against priority 10 policy
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2508: May 10 20:17:18.662: ISAKMP: encryption AES-CBC
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2618: May 10 20:17:18.710: ISAKMP: encryption BLOWFISH-CBC
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2620: May 10 20:17:18.710: ISAKMP: hash SHA
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2621: May 10 20:17:18.710: ISAKMP: default group 2
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2623: May 10 20:17:18.710: ISAKMP: life type in seconds
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2624: May 10 20:17:18.710: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2625: May 10 20:17:18.710: ISAKMP:(0:1:HW:2):Encryption algorithm offered does not match policy!
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2626: May 10 20:17:18.710: ISAKMP:(0:1:HW:2):atts are not acceptable. Next payload is 3
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2627: May 10 20:17:18.714: ISAKMP:(0:1:HW:2):Checking ISAKMP transform 13 against priority 10 policy
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2628: May 10 20:17:18.714: ISAKMP: encryption 3DES-CBC
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2629: May 10 20:17:18.714: ISAKMP: hash MD5
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2630: May 10 20:17:18.714: ISAKMP: default group 2
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2631: May 10 20:17:18.714: ISAKMP: auth XAUTHInitPreShared
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2632: May 10 20:17:18.714: ISAKMP: life type in seconds
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2633: May 10 20:17:18.714: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
2022-05-09 03:36:07 Local7.Debug 10.10.10.10 2634: May 10 20:17:18.714: ISAKMP:(0:1:HW:2):atts are acceptable. Next payload is 3
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2635: May 10 20:17:19.246: ISAKMP:(0:1:HW:2): processing KE payload. message ID = 0
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2636: May 10 20:17:19.698: ISAKMP:(0:1:HW:2): processing NONCE payload. message ID = 0
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2637: May 10 20:17:19.698: ISAKMP:(0:1:HW:2): vendor ID is NAT-T v2
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2638: May 10 20:17:19.698: ISAKMP:(0:1:HW:2): vendor ID is NAT-T v3
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2639: May 10 20:17:19.702: ISAKMP:(0:1:HW:2):Input = IKE_MESG_FROM_PEER, IKE_AM_EXCH
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2640: May 10 20:17:19.702: ISAKMP:(0:1:HW:2):Old State = IKE_READY New State = IKE_R_AM_AAA_AWAIT
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2641:
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2642: May 10 20:17:19.706: ISAKMP:(0:1:HW:2):SKEYID state generated
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2643: May 10 20:17:19.706: ISAKMP:(0:1:HW:2): constructed NAT-T vendor-03 ID
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2644: May 10 20:17:19.706: ISAKMP:(0:1:HW:2):SA is doing
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2645: pre-shared key authentication plus XAUTH using id type ID_IPV4_ADDR
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2646: May 10 20:17:19.706: ISAKMP (0:268435457): ID payload
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2647: next-payload : 10
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2648: type : 1
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2649: address : 10.10.10.10
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2650: protocol : 17
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2651: port : 0
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2652: length : 12
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2653: May 10 20:17:19.706: ISAKMP:(0:1:HW:2):Total payload length: 12
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2654: May 10 20:17:19.710: ISAKMP:(0:1:HW:2): sending packet to 213.205.192.234 my_port 500 peer_port 33052 (R) AG_INIT_EXCH
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2655: May 10 20:17:19.714: ISAKMP:(0:1:HW:2):Input = IKE_MESG_FROM_AAA, PRESHARED_KEY_REPLY
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2656: May 10 20:17:19.714: ISAKMP:(0:1:HW:2):Old State = IKE_R_AM_AAA_AWAIT New State = IKE_R_AM2
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2657:
2022-05-09 03:36:08 Local7.Debug 10.10.10.10 2658: May 10 20:17:20.006: ISAKMP (0:0): received packet from 213.205.192.234 dport 500 sport 7344 Global (N) NEW SA
2022-05-09 03:36:09 Local7.Warning 10.10.10.10 2659: May 10 20:17:20.006: %CRYPTO-4-IKMP_NO_SA: IKE message from 213.205.192.234 has no SA and is not an initialization offer
2022-05-09 03:36:09 Local7.Warning 10.10.10.10 2660: May 10 20:17:20.018: %CRYPTO-4-IKMP_PKT_OVERFLOW: ISAKMP message from 213.205.192.234 larger (3424390) than the UDP packet length (80)
2022-05-09 03:36:19 Local7.Debug 10.10.10.10 2661: May 10 20:17:29.714: ISAKMP:(0:1:HW:2): retransmitting phase 1 AG_INIT_EXCH...
2022-05-09 03:36:19 Local7.Debug 10.10.10.10 2662: May 10 20:17:29.714: ISAKMP:(0:1:HW:2):incrementing error counter on sa: retransmit phase 1
2022-05-09 03:36:19 Local7.Debug 10.10.10.10 2663: May 10 20:17:29.714: ISAKMP:(0:1:HW:2): retransmitting phase 1 AG_INIT_EXCH
2022-05-09 03:36:19 Local7.Debug 10.10.10.10 2664: May 10 20:17:29.714: ISAKMP:(0:1:HW:2): sending packet to 213.205.192.234 my_port 500 peer_port 33052 (R) AG_INIT_EXCH
2022-05-09 03:36:19 Local7.Debug 10.10.10.10 2665: May 10 20:17:30.294: ISAKMP (0:0): received packet from 213.205.192.234 dport 500 sport 7344 Global (N) NEW SA
2022-05-09 03:36:29 Local7.Debug 10.10.10.10 2666: May 10 20:17:39.714: ISAKMP:(0:1:HW:2): retransmitting phase 1 AG_INIT_EXCH...
2022-05-09 03:36:29 Local7.Debug 10.10.10.10 2667: May 10 20:17:39.714: ISAKMP:(0:1:HW:2):incrementing error counter on sa: retransmit phase 1
2022-05-09 03:36:29 Local7.Debug 10.10.10.10 2668: May 10 20:17:39.714: ISAKMP:(0:1:HW:2): retransmitting phase 1 AG_INIT_EXCH
2022-05-09 03:36:29 Local7.Debug 10.10.10.10 2669: May 10 20:17:39.714: ISAKMP:(0:1:HW:2): sending packet to 213.205.192.234 my_port 500 peer_port 33052 (R) AG_INIT_EXCH
2022-05-09 03:36:29 Local7.Debug 10.10.10.10 2670: May 10 20:17:40.206: ISAKMP (0:0): received packet from 213.205.192.234 dport 500 sport 7344 Global (N) NEW SA
2022-05-09 03:36:39 Local7.Debug 10.10.10.10 2671: May 10 20:17:49.714: ISAKMP:(0:1:HW:2): retransmitting phase 1 AG_INIT_EXCH...
2022-05-09 03:36:39 Local7.Debug 10.10.10.10 2672: May 10 20:17:49.714: ISAKMP:(0:1:HW:2):incrementing error counter on sa: retransmit phase 1
2022-05-09 03:36:39 Local7.Debug 10.10.10.10 2673: May 10 20:17:49.714: ISAKMP:(0:1:HW:2): retransmitting phase 1 AG_INIT_EXCH
2022-05-09 03:36:39 Local7.Debug 10.10.10.10 2674: May 10 20:17:49.714: ISAKMP:(0:1:HW:2): sending packet to 213.205.192.234 my_port 500 peer_port 33052 (R) AG_INIT_EXCH
2022-05-09 03:36:39 Local7.Debug 10.10.10.10 2675: May 10 20:17:50.030: ISAKMP (0:0): received packet from 213.205.192.234 dport 500 sport 7344 Global (N) NEW SA
2022-05-09 03:36:49 Local7.Debug 10.10.10.10 2676: May 10 20:17:59.722: ISAKMP:(0:1:HW:2): retransmitting phase 1 AG_INIT_EXCH...
2022-05-09 03:36:49 Local7.Debug 10.10.10.10 2677: May 10 20:17:59.722: ISAKMP:(0:1:HW:2):incrementing error counter on sa: retransmit phase 1
2022-05-09 03:36:49 Local7.Debug 10.10.10.10 2678: May 10 20:17:59.722: ISAKMP:(0:1:HW:2): retransmitting phase 1 AG_INIT_EXCH
2022-05-09 03:36:49 Local7.Debug 10.10.10.10 2679: May 10 20:17:59.722: ISAKMP:(0:1:HW:2): sending packet to 213.205.192.234 my_port 500 peer_port 33052 (R) AG_INIT_EXCH
2022-05-09 03:36:59 Local7.Debug 10.10.10.10 2680: May 10 20:18:09.726: ISAKMP:(0:1:HW:2): retransmitting phase 1 AG_INIT_EXCH...
2022-05-09 03:36:59 Local7.Debug 10.10.10.10 2681: May 10 20:18:09.726: ISAKMP:(0:1:HW:2):incrementing error counter on sa: retransmit phase 1
2022-05-09 03:36:59 Local7.Debug 10.10.10.10 2682: May 10 20:18:09.726: ISAKMP:(0:1:HW:2): retransmitting phase 1 AG_INIT_EXCH
2022-05-09 03:36:59 Local7.Debug 10.10.10.10 2683: May 10 20:18:09.726: ISAKMP:(0:1:HW:2): sending packet to 213.205.192.234 my_port 500 peer_port 33052 (R) AG_INIT_EXCH
2022-05-09 03:37:08 Local7.Debug 10.10.10.10 2684: May 10 20:18:19.725: ISAKMP:(0:1:HW:2): retransmitting phase 1 AG_INIT_EXCH...
2022-05-09 03:37:08 Local7.Debug 10.10.10.10 2685: May 10 20:18:19.725: ISAKMP:(0:1:HW:2):peer does not do paranoid keepalives.
2022-05-09 03:37:08 Local7.Debug 10.10.10.10 2686:
2022-05-09 03:37:08 Local7.Debug 10.10.10.10 2687: May 10 20:18:19.725: ISAKMP:(0:1:HW:2):deleting SA reason "death by retransmission P1" state (R) AG_INIT_EXCH (peer 213.205.192.234) input queue 0
2022-05-09 03:37:08 Local7.Debug 10.10.10.10 2688: May 10 20:18:19.725: ISAKMP:(0:1:HW:2):deleting SA reason "death by retransmission P1" state (R) AG_INIT_EXCH (peer 213.205.192.234) input queue 0
2022-05-09 03:37:08 Local7.Debug 10.10.10.10 2689: May 10 20:18:19.729: ISAKMP: Unlocking IKE struct 0x81CEA304 for isadb_mark_sa_deleted(), count 0
2022-05-09 03:37:08 Local7.Debug 10.10.10.10 2690: May 10 20:18:19.729: ISAKMP: Deleting peer node by peer_reap for 213.205.192.234: 81CEA304
2022-05-09 03:37:09 Local7.Debug 10.10.10.10 2691: May 10 20:18:19.729: ISAKMP:(0:1:HW:2):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
2022-05-09 03:37:09 Local7.Debug 10.10.10.10 2692: May 10 20:18:19.729: ISAKMP:(0:1:HW:2):Old State = IKE_R_AM2 New State = IKE_DEST_SA
2022-05-09 03:37:09 Local7.Debug 10.10.10.10 2693:
2022-05-09 03:38:09 Local7.Debug 10.10.10.10 2694: May 10 20:19:19.729: ISAKMP:(0:1:HW:2):purging SA., sa=81CED728, delme=81CED728
2022-05-09 03:39:31 Local7.Warning 10.10.10.10 2695: May 10 20:20:42.406: %CRYPTO-4-IKMP_PKT_OVERFLOW: ISAKMP message from 45.93.16.46 larger (825308448) than the UDP packet length (405)
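As an added example (not part of the thread, and not the poster's or Cisco's code), here is a small Python script that pulls the failure signature out of `debug crypto isakmp` output like the one above: the second NEW SA arriving from the same peer on a different source port while the responder is still in AG_INIT_EXCH, the IKMP_PKT_OVERFLOW length mismatch, and the retransmit-until-death of phase 1. The regexes are tailored to the IOS message formats shown in the post; the sample lines are constructed on the model of the post's log with a documentation-range peer address.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the post's 'debug crypto isakmp' output
# (trimmed, not verbatim; the peer address is from the RFC 5737 documentation range).
SAMPLE_LOG = """\
May 10 20:17:18.634: ISAKMP (0:0): received packet from 198.51.100.7 dport 500 sport 33052 Global (N) NEW SA
May 10 20:17:18.714: ISAKMP:(0:1:HW:2):atts are acceptable. Next payload is 3
May 10 20:17:19.710: ISAKMP:(0:1:HW:2): sending packet to 198.51.100.7 my_port 500 peer_port 33052 (R) AG_INIT_EXCH
May 10 20:17:20.006: ISAKMP (0:0): received packet from 198.51.100.7 dport 500 sport 7344 Global (N) NEW SA
May 10 20:17:20.006: %CRYPTO-4-IKMP_NO_SA: IKE message from 198.51.100.7 has no SA and is not an initialization offer
May 10 20:17:20.018: %CRYPTO-4-IKMP_PKT_OVERFLOW: ISAKMP message from 198.51.100.7 larger (3424390) than the UDP packet length (80)
May 10 20:17:29.714: ISAKMP:(0:1:HW:2): retransmitting phase 1 AG_INIT_EXCH...
May 10 20:17:39.714: ISAKMP:(0:1:HW:2): retransmitting phase 1 AG_INIT_EXCH...
May 10 20:18:19.725: ISAKMP:(0:1:HW:2):deleting SA reason "death by retransmission P1" state (R) AG_INIT_EXCH (peer 198.51.100.7) input queue 0
"""

RECV = re.compile(r"received packet from (\S+) dport \d+ sport (\d+)")
NO_SA = re.compile(r"IKMP_NO_SA: IKE message from (\S+)")
OVERFLOW = re.compile(r"IKMP_PKT_OVERFLOW: ISAKMP message from (\S+) larger \((\d+)\) than the UDP packet length \((\d+)\)")
DEATH = re.compile(r"death by retransmission P1.*\(peer (\S+)\)")

def analyze(log):
    """Collect per-peer phase-1 symptoms; retransmit lines carry no IP, so they go to the last peer seen."""
    peers = defaultdict(lambda: {"sports": [], "no_sa": 0, "overflow": [], "retransmits": 0, "died": False})
    last_peer = None
    for line in log.splitlines():
        if m := RECV.search(line):
            last_peer, sport = m.group(1), int(m.group(2))
            if sport not in peers[last_peer]["sports"]:
                peers[last_peer]["sports"].append(sport)  # a new source port from a known peer is the tell
        elif m := NO_SA.search(line):
            peers[m.group(1)]["no_sa"] += 1
        elif m := OVERFLOW.search(line):
            peers[m.group(1)]["overflow"].append((int(m.group(2)), int(m.group(3))))
        elif m := DEATH.search(line):
            peers[m.group(1)]["died"] = True
        elif "retransmitting phase 1" in line and last_peer:
            peers[last_peer]["retransmits"] += 1
    return dict(peers)

def diagnose(peers):
    """Turn the counters into findings that point at the path rather than at the ISAKMP policy."""
    findings = []
    for ip, p in peers.items():
        if len(p["sports"]) > 1:
            findings.append(f"{ip}: IKE source port changed mid-negotiation {p['sports']}; consistent with a NAT "
                            "rewriting UDP headers, so the responder sees a second NEW SA instead of the reply")
        if p["overflow"]:
            claimed, actual = p["overflow"][0]
            findings.append(f"{ip}: ISAKMP length field {claimed} exceeds UDP payload {actual}; packet altered in transit")
        if p["died"]:
            findings.append(f"{ip}: phase 1 deleted after {p['retransmits']} unanswered AG_INIT_EXCH retransmits")
    return findings
```

Running `diagnose(analyze(SAMPLE_LOG))` yields three findings; a clean negotiation yields none, since the same source port is kept across the exchange and no phase-1 SA dies by retransmission.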

3 Replies

Hi Friend

Who is doing the NAT? This TalkTalk router?

NAT can be a problem for a VPN tunnel.


Hi amigo

Yes, the crappy TalkTalk is doing the NAT.

I can get the Shrew VPN client to connect when I use cisco-force-udp but no traffic flows over the tunnel. I see encaps when I try to ping the connected client but no decaps. Traffic seems to be going down the tunnel.

I really want to get NAT-T enabled to work though, and don't really want to bypass the TalkTalk if possible. I checked the fw logs on this piece of crap TalkTalk but can't see anything blocked. The TalkTalk has to be the issue; all that has changed is the TalkTalk interface the client sources traffic from (LAN to WAN). The fw log on the TalkTalk is crap; I don't trust it. Sometimes it shows the connection in the log when I initiate and other times it doesn't; it's a piece of crap. But I did see it allow udp_4500 through, but no entry for udp_500. Both are allowed through so I'm not sure if I should see udp_500 in the logs of the TalkTalk, but port 500 is what is always displayed in 'sh crypto ipsec sa'.

Something is messing with the UDP header.