Hi, I'm configuring ASA NAC to Windows XP VPN client. I'm not getting any response to EAPoUDP packets from ASA to CTA
%ASA-5-334006: EAPoUDP failed to get a response from host 10.2.2.100 CTA on XP is working fine with regular NAC L3 IP, and EasyVPN NAC L3 IP to an IOS router. The ASA seems to be sending EOU packets from a bogus IP address and not getting any response: %ASA-6-302015: Built outbound UDP connection 455 for outside: 10.2.2.100/21862 (10.2.2.100/21862) to identity:0.0.0.0/1024 (0.0.0.0/1024). The source address of 0.0.0.0 looks totally bogus to me. When I capture with Wireshark on the "Cisco Systems VPN Adapter", I see the source of the EOU packets as 0.0.0.0. On IOS, I can do "ip admission so XXXX" where XXXX is some "inside" interface covered by the split tunnel ACL. I can see the EOU packets within the tunnel. ASA is trying to do the same but has no proper source address. Any ideas? Richard
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
