10-09-2015 08:21 AM
Brand new Cisco ASA 5506-X. Ran the VPN wizard. At the end, all is "OK" except an error:
Error: crypto ikev1 enable outside
failed to open "udp/localized/2/4500"
Error: Error opening IKE port 4500 on Interface outside
Can someone help me with this? Provide a fix? No CLI experience here. If you suggest creating a rule, please explain how to do that.
Thank you.
10-19-2015 01:55 PM
We have also been stuck with this for quite some time. Nothing online or in the manual, and I saw in your other post (about the same question) that yes, it is unbelievable an error message can exist and not be "googled", at least in 2015 it is unbelievable. But, like most things today, they "protect" the real goods behind 3rd-party resellers and make you pay additional money to fix something, when the info/answer should be google-able to begin with. We switched to Meraki and things "just worked"; the GUIs are much better (even though the intuition is still somewhat lacking -- Cisco owns them, so no surprise there).
09-21-2016 11:24 AM - edited 12-13-2018 12:49 PM
I made it so I could run the clear xlate and the commands for this fast enough the device couldn't rewrite it. Here's what I did for mine. I added clear xlate every other line. I opened ASDM then went to tools, command line. I selected multiple line. I put the commands in like this and it worked.
***EDIT*** Keep in mind if you do "clear xlate", any host using a dynamic session will drop/disconnect. Static translation will stay connected.
clear xlate
! write client profile "disk0:/AnyconnectVPN_client_profile.xml" to ASA
clear xlate
webvpn
anyconnect profiles AnyconnectVPN_client_profile disk0:/AnyconnectVPN_client_profile.xml
exit
clear xlate
crypto ikev2 enable Outside client-services port 443
clear xlate
08-22-2017 11:14 AM
08-24-2017 05:42 AM
That was a frustrating day! That's why I posted this hoping to save someone the headache I went through. Glad it helped you. In my case, it was Meraki APs causing the issue and I couldn't just disconnect them. They ended up using a different port and the VPN is still working fine to this day.
03-31-2018 05:30 AM
Thank you. Had a similar problem and looking at your example helped me.
clear xlate
crypto ikev1 enable outside
clear xlate
09-17-2018 11:17 AM
06-02-2022 10:35 AM
Thanks for the tip! From ASDM, I was able to send the multi-command:
clear xlate
crypto ikev1 enable {insert your interface name}
05-27-2024 11:29 AM
After issuing the "clear xlate" command I was able to complete the VPN config wizard. THANK YOU!
10-21-2015 01:26 PM
Well, not only is this embarrassing, but very, very hard to believe. After running "sh xlate" and searching for "4500" in the results, I found an IP address on our network associated with port 4500 -- even though there were no port forwards of any kind on our new router for 4500, a GOD DAMN AT&T MICROCELL was preventing me from completing the Cisco VPN wizard?! Anyway.... I unplugged the microcell, ran "clear xlate" (a few times as it didn't seem to disappear after running the first clear xlate command), and the VPN wizard completed w/out any errors.
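The check described in the post above (search the "sh xlate" output for 4500 to find which inside host holds the port), as an added example that is not part of the original thread: a Python script that parses saved "show xlate" output and lists hosts whose PAT entry occupies UDP 500 or 4500 on the outside interface. The line format in the regex and the sample output are assumptions constructed for illustration, and `find_ike_port_holders` is a hypothetical name.

```python
import re

# Assumed shape of a PAT entry in ASA 8.3+ "show xlate" output, e.g.
# UDP PAT from inside:192.168.1.23/4500 to outside:203.0.113.10/4500 flags ri idle ...
PAT_LINE = re.compile(
    r"^(?P<proto>TCP|UDP) PAT from (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) "
    r"to (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) flags (?P<flags>\S+)"
)

IKE_PORTS = {500, 4500}  # IKE and NAT-T, the two ports named in the thread


def find_ike_port_holders(xlate_text, interface="outside"):
    """Return PAT entries that hold UDP 500/4500 on the given mapped interface."""
    holders = []
    for line in xlate_text.splitlines():
        m = PAT_LINE.match(line.strip())
        if not m or m["proto"] != "UDP":
            continue  # header lines, TCP entries, static NAT lines
        # The thread uses both "outside" and "Outside", so compare loosely.
        if m["dst_if"].lower() != interface.lower():
            continue
        if int(m["dst_port"]) not in IKE_PORTS:
            continue
        holders.append({
            "host": m["src_ip"],
            "from_interface": m["src_if"],
            "mapped_port": int(m["dst_port"]),
            "flags": m["flags"],
        })
    return holders


# Constructed sample output; addresses are documentation ranges, not real hosts.
SAMPLE = """\
3 in use, 12 most used
Flags: D - DNS, e - extended, I - identity, i - dynamic, r - portmap,
       s - static, T - twice, N - net-to-net
TCP PAT from inside:192.168.1.40/51514 to outside:203.0.113.10/51514 flags ri idle 0:00:12 timeout 0:00:30
UDP PAT from inside:192.168.1.23/4500 to outside:203.0.113.10/4500 flags ri idle 0:00:04 timeout 0:00:30
UDP PAT from inside:192.168.1.40/53011 to outside:203.0.113.10/53011 flags ri idle 0:00:20 timeout 0:00:30
"""

if __name__ == "__main__":
    for h in find_ike_port_holders(SAMPLE):
        print(f"{h['host']} ({h['from_interface']}) holds UDP {h['mapped_port']}")
```

Any host it reports is the device to investigate before running "clear xlate" and re-enabling IKE on that interface.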
03-10-2021 06:42 PM
This never worked for us.
We removed the related ACL and NAT, and cleared the connection table for 4500 and 500.
And then pasted the below to make it work. Ensure you do it in non-production hours.
clear xlate
crypto ikev2 enable Outside
clear xlate
06-02-2022 10:21 PM
How to do this in FMC?