INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Jobs

Jobs from Indeed

Error opening IKE port 4500 on Interface outside

Error opening IKE port 4500 on Interface outside

(OP)
Brand new Cisco ASA 5506-X. Ran the VPN wizard to enable Remote Access VPN with the Cisco VPN Client. At the end, all is "OK" except an error:

Error: crypto ikev1 enable outside
failed to open "udp/localized/2/4500"
Error: Error opening IKE port 4500 on Interface outside


Can someone help me with this? Provide a fix? No CLI experience here, but from looking around online I have seen suggestions to issue commands:

clear xlate
crypto ikev1 enable outside


When I run "crypto ikev1 enable outside, I get:

Result of the command: "crypto ikev1 enable outside"

ERROR: Failed to open "udp/localized/2/4500"
ERROR: Error opening IKE port 4500 on Interface outside


If I run the command "sh xlate", I do see a reference in there as:

UDP PAT from any:10.1.10.175/4500 to outside:x.x.x.x/4500 flags ri idle 207:27:08 timeout 0:00:30

...yet, I don't see any references of port 4500 in the NAT rules or Access rules section. Where can I make sure 4500 is available for the VPN?

When I run the "clear xlate" command and then "sh xlate" again, the 4500 reference is back in there, so I know the VPN wizard will still fail.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members!

Resources

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close