Brand new Cisco ASA 5506-X. Ran the VPN wizard. At the end, all is "OK" except an error:
Error: crypto ikev1 enable outside
failed to open "udp/localized/2/4500"
Error: Error opening IKE port 4500 on Interface outside
Can someone help me with this? Provide a fix? No CLI experience here. If you suggest creating a rule, please explain how to do that.
We have also been stuck with this for quite some time. Nothing online or in the manual, and I saw in your other post (about the same question) that yes, it is unbelievable an error message can exist and not be "googled", at least in 2015 it is unbelievable. But, like most things today, they "protect" the real goods behind 3rd-party resellers and make you pay additional money to fix something, when the info/answer should be google-able to begin with. We switched to Meraki and things "just worked"; the GUIs are much better (even though the intuition is still somewhat lacking -- Cisco owns them, so no surprise there).
I made it so I could run the clear xlate and the commands for this fast enough the device couldn't rewrite it. Here's what I did for mine. I added clear xlate every other line. I opened ASDM then went to tools, command line. I selected multiple line. I put the commands in like this and it worked.
***EDIT*** Keep in mind if you do "clear xlate", any host using a dynamic session will drop/disconnect. Static translation will stay connected.
! write client profile "disk0:/AnyconnectVPN_client_profile.xml" to ASA
anyconnect profiles AnyconnectVPN_client_profile disk0:/AnyconnectVPN_client_profile.xml
crypto ikev2 enable Outside client-services port 443
That was a frustrating day! That's why I posted this hoping to save someone the headache I went through. Glad it helped you. In my case, it was Meraki APs causing the issue and I couldn't just disconnect them. They ended up using a different port and the VPN is still working fine to this day.
Well, not only is this embarrassing, but very, very hard to believe. After running "sh xlate" and searching for "4500" in the results, I found an IP address on our network associated with port 4500 -- even though there were no port forwards of any kind on our new router for 4500, a GOD DAMN AT&T MICROCELL was preventing me from completing the Cisco VPN wizard?! Anyway.... I unplugged the microcell, ran "clear xlate" (a few times as it didn't seem to disappear after running the first clear xlate command), and the VPN wizard completed w/out any errors.
This never worked for us.
We removed the related ACL, NAT and cleared the connection table for 4500 and 500.
And then pasted the below to make it work. Ensure you do it in non-production hours.
crypto ikev2 enable Outside
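
The "sh xlate" search for port 4500 described earlier in the thread, as an added example that is not from any poster here: a Python sketch that reads saved `show xlate` output and lists the inside hosts whose PAT entries occupy UDP 500 or 4500 on the outside interface. It assumes the ASA 8.3+ PAT line layout; the function name and the sample output are constructed for illustration.

```python
import re

# Assumed PAT line layout in ASA 8.3+ "show xlate" output.
XLATE_RE = re.compile(
    r"^(?P<proto>TCP|UDP) PAT from (?P<real_if>[^:\s]+):(?P<real_ip>[\d.]+)/(?P<real_port>\d+) "
    r"to (?P<map_if>[^:\s]+):(?P<map_ip>[\d.]+)/(?P<map_port>\d+) flags (?P<flags>\S+)"
)

IKE_PORTS = {500, 4500}  # IKE and IKE NAT-T, the ports the wizard failed to open

# Constructed sample output (documentation-range addresses), not taken from the thread.
SAMPLE = """\
4 in use, 7 most used
Flags: D - DNS, e - extended, I - identity, i - dynamic, r - portmap,
       s - static, T - twice, N - net-to-net
TCP PAT from inside:192.168.1.20/51514 to outside:203.0.113.10/51514 flags ri idle 0:00:04 timeout 0:00:30
UDP PAT from inside:192.168.1.57/4500 to outside:203.0.113.10/4500 flags ri idle 0:00:09 timeout 0:00:30
UDP PAT from inside:192.168.1.57/500 to outside:203.0.113.10/500 flags ri idle 0:00:09 timeout 0:00:30
UDP PAT from inside:192.168.1.31/45001 to outside:203.0.113.10/45001 flags ri idle 0:00:02 timeout 0:00:30
"""

def find_ike_port_holders(show_xlate_text, interface="outside"):
    """Return (real_ip, mapped_port, is_dynamic) for UDP xlates holding 500/4500 on interface."""
    hits = []
    for line in show_xlate_text.splitlines():
        m = XLATE_RE.match(line.strip())
        if not m or m["proto"] != "UDP":
            continue
        # The thread uses both "outside" and "Outside" as the interface name.
        if m["map_if"].lower() != interface.lower():
            continue
        port = int(m["map_port"])
        if port in IKE_PORTS:
            # Flag "i" marks a dynamic xlate, the kind "clear xlate" drops.
            hits.append((m["real_ip"], port, "i" in m["flags"]))
    return hits

if __name__ == "__main__":
    for ip, port, dynamic in find_ike_port_holders(SAMPLE):
        kind = "dynamic" if dynamic else "static"
        print(f"{ip} holds UDP/{port} on outside ({kind} xlate)")
```

Matching the mapped port exactly keeps entries such as 45001 out of the result, which a plain text search for "4500" would include.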