IPSec RA with s/w VPN clients to ASA w/IPSec over TCP

Unanswered Question
Mar 7th, 2007

I'm having trouble using IPSec over TCP (port 10000) with Cisco s/w clients coming to an ASA ver 7.2(2). I succeed with IPSec over UDP and I can connect OK with a telnet to port 10000. But when I use the VPN client set for IPSec over TCP, I don't get the credentials panel for submitting user and passwd. I do have the isakmp ipsec-over-tcp port 10000 statement. What am I missing?

kaachary Wed, 03/07/2007 - 15:12


What do you mean by you are able to connect on TCP port 10000 using telnet?

Is there any port forwarding configured on the ASA's outside interface for TCP port 10000?

Do you have "ipsec over tcp" selected on the client software as well?


jhosking Thu, 03/08/2007 - 04:48

Thanks for your reply. If I open a command prompt window on the client and type "telnet ASA_public_address 10000" I get a connection established--this means that the ASA is "listening" on port 10000 as it should be. No port forwarding is configured. ipsec over tcp is enabled/selected on the client. When I select ipsec-over-udp, everything works. I also have the statement isakmp tcp-over-tcp port 10000.


kaachary Thu, 03/08/2007 - 05:11


Try disabling the XP SP2 firewall, and then connect on IPsec over TCP.


