UDP Port 500 showing open on multiple public IP

rakuntal
Level 1

Hi,

I have configured IPSec VPN on the WAN interface. While scanning Public IP Pool from outside, the port udp 500 is also showing open on other public IPs of the router. I am not able to understand why port 500 is showing open on other public IPs although I have opened it only on WAN interface IP. Second I want to close it on other public IPs. Pls suggest how to do it

1 Accepted Solution

rakuntal
Level 1

Thanks all, at present the problem has been resolved, but I don't know for how long. The problem seems to be coming from the crypto sessions it has created. Below are the steps I used for its solution.

1) crypto isakmp aggressive-mode disable

2) Removed crypto map cmap from the crypto WAN interface

3) crypto isakmp aggressive-mode disable

4) Again on the WAN interface I configured the crypto map cmap command

and things just worked. I don't know why, but it worked. Now when I scan all my public IPs from outside, no IP except the WAN interface IP is showing UDP port 500 open.

Thanks to all of you


8 Replies

@rakuntal what device are you referring to - ASA, FTD or router?

 

It is a bug.

Can you please share a link for this particular bug?

tvotna
Spotlight

On routers you typically have an "in" ACL applied to public interfaces which controls both transit traffic and traffic which terminates on the router itself. This should help.
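
An added illustration of the interface-ACL approach described above (not configuration posted by anyone in this thread): the IKE and ESP permits are pinned to the single address that terminates the VPN, and IKE aimed at any other address in the public pool is dropped and logged. Interface name, addresses and the example static-NAT service are placeholders, and it assumes return traffic for outbound sessions is already handled by your existing ACL entries or a stateful inspection policy.

```cisco
! Inbound ACL on the public-facing interface. Placeholder addresses:
! 203.0.113.1 is the WAN interface IP that terminates the IPsec VPN,
! 203.0.113.0/24 is the public pool whose other addresses are used for static NAT.
ip access-list extended WAN-IN
 remark -- IKE (udp/500), NAT-T (udp/4500) and ESP only to the VPN-terminating address
 permit udp any host 203.0.113.1 eq isakmp
 permit udp any host 203.0.113.1 eq non500-isakmp
 permit esp any host 203.0.113.1
 remark -- drop and log IKE aimed at any other public address in the pool
 deny   udp any 203.0.113.0 0.0.0.255 eq isakmp log
 deny   udp any 203.0.113.0 0.0.0.255 eq non500-isakmp log
 remark -- existing static-NAT services keep their own permit lines, e.g. a web server
 permit tcp any host 203.0.113.10 eq 443
 remark -- anything not explicitly permitted is dropped by the implicit deny
!
interface GigabitEthernet0/0
 description WAN (placeholder interface name)
 ip access-group WAN-IN in
```

On IOS the inbound ACL on the outside interface is evaluated before outside-to-inside NAT, so it matches on the public (NAT global) addresses as written. The log keyword on the deny lines gives you a record of which sources are probing UDP 500 on the pool addresses.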

rakuntal
Level 1

Yes, we have already applied an ACL but I have not found anything. We have done multiple static NATs on the WAN interface and UDP port 500 is showing open on the NAT IPs, though I have not allowed it. It is configured only on the WAN interface.

Marvin Rhoads
Hall of Fame

If you have outbound traffic NATted to one of the other IP addresses (either static or as part of a NAT pool) then any outbound communications originating from udp/500 will try to claim the port by default.

