02-09-2008 12:52 PM - edited 02-21-2020 03:32 PM
Our VPN 3005 router is allowing ISAKMP connections from clients when the client connection is UDP port 500 to UDP port 500. However, some remote clients seem to be trying UDP port XXX to UDP port 500 connections and these are being rejected.
Any thoughts why a client would attempt an ISAKMP connection with a source port that is not UDP 500?
02-10-2008 07:20 PM
Their vpn clients are behind some sort of NAT/PAT device. Make sure you have enabled NAT-T on your vpn3005.
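Added example, not part of the original thread or any poster's reply: a small first-match ACL evaluator showing why a filter that expects IKE as UDP 500 to 500 drops clients behind PAT, next to a NAT-aware rule set. The rule model, the sample flows and the port numbers other than 500 and the standard NAT-T port 4500 are constructed for illustration, not taken from the VPN 3005 configuration.

```python
# Added example: first-match UDP ACL evaluation for IKE traffic.
# The rule format and all flows below are constructed for illustration.
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard port


@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    src_port: Optional[int]   # ANY matches every source port
    dst_port: Optional[int]   # ANY matches every destination port


@dataclass(frozen=True)
class Flow:
    label: str
    src_port: int
    dst_port: int


def evaluate(acl, flow):
    """Return the action of the first matching rule; implicit deny at the end."""
    for rule in acl:
        if rule.src_port in (ANY, flow.src_port) and rule.dst_port in (ANY, flow.dst_port):
            return rule.action
    return "deny"


# Strict ACL: assumes IKE always arrives as UDP 500 -> 500.
STRICT_ACL = [Rule("permit", 500, 500)]

# NAT-aware ACL: any source port to IKE (500) and NAT-T (4500), nothing else.
NAT_AWARE_ACL = [Rule("permit", ANY, 500), Rule("permit", ANY, 4500)]

# Constructed flows as seen on the concentrator's public interface.
# A PAT device rewrites the client's source port to an ephemeral one.
FLOWS = [
    Flow("direct client, IKE", 500, 500),
    Flow("client behind PAT, IKE", 31044, 500),
    Flow("client behind PAT, NAT-T", 31045, 4500),
    Flow("unrelated UDP", 31046, 53),
]


def audit(acl):
    """Map each sample flow label to the ACL's decision for it."""
    return {f.label: evaluate(acl, f) for f in FLOWS}
```

Comparing `audit(STRICT_ACL)` with `audit(NAT_AWARE_ACL)` shows the PAT'd flows changing from deny to permit while the unrelated UDP flow stays denied.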
04-23-2008 07:42 AM
I am seeing the same thing. Only it is with the Cisco 5.x IPSec Client. It connects with an ephemeral source and a dest of UDP:500. This is wreaking havoc on our ACLs.
Anyone know how to disable this behavior in the client?