Solved: it may be a bug in ASA 8.2.4. I tried 8.4.1 and ASA NAC/VPN is working. EAPoUDP packets are sourced from the inside interface. The split tunnel ACL covers the inside IP address and the EOU dialog succeeds.
Richard

On Sat, May 14, 2011 at 9:09 PM, Richard Chan <[email protected]> wrote:

> Hi, I'm configuring ASA NAC to Windows XP VPN client.
> I'm not getting any response to EAPoUDP packets from ASA to CTA
>
> %ASA-5-334006: EAPoUDP failed to get a response from host 10.2.2.100
>
> CTA on XP is working fine with regular NAC L3 IP, and EasyVPN NAC L3 IP to
> an IOS router.
>
> The ASA seems to be sending EOU packets from a bogus IP address and not
> getting any response:
>
> %ASA-6-302015: Built outbound UDP connection 455 for outside:
> 10.2.2.100/21862 (10.2.2.100/21862) to identity:0.0.0.0/1024 (0.0.0.0/1024
> ).
> The source address of 0.0.0.0 looks totally bogus to me.
>
> When I capture with Wireshark on the "Cisco Systems VPN Adapter", I see the
> source of the EOU packets as 0.0.0.0.
>
> On IOS, I can do "ip admission so XXXX" where XXXX is some "inside"
> interface covered by the split tunnel ACL.
> I can see the EOU packets within the tunnel.
>
> ASA is trying to do the same but has no proper source address.
>
> Any ideas?
>
> Richard
