> On 03 Sep 2015, at 13:35 , Robert Webb <rw...@ropeguru.com> wrote: > > We are seeing udp 500 packets being dropped at our firewall from user's > browsing sessions. These are users on a 2008 R2 AD setup with Windows 7. > > Source and destination ports are udp 500 and the the pattern of drops > directly correlate to the web browsing activity. We have confirmed this with > tcpdump of port 500 and a single host and watching the pattern of traffic as > they browse. This also occurs no matter what browser is used. > > Can anyone shine some light on what may be using udp 500 when web browsing?
The VPN using IPsec UDP-Encap connection that supposedly gets through NAT? Have you checked the content with tcpdump? Do you have fragments by any chance?
