03-07-2007 01:31 PM - edited 02-21-2020 02:54 PM
I'm having trouble using IPSec over TCP (port 10000) with Cisco s/w clients coming to an ASA ver 7.2(2). I succeed with IPSec over UDP & I can connect ok with a telnet to port 10000. But when I use the VPN client set for IPSec over TCP, I don't get the credentials panel for submitting user and passwd. I do have the isakmp ipsec-over-tcp port 10000 statement. What am I missing?
03-07-2007 03:12 PM
Hi,
What do you mean by you are able to connect on TCP port 10000 using telnet?
Is there any port forwarding configured on the ASA's outside interface for TCP port 10000?
Do you have "ipsec over tcp" selected on the client software as well?
-Kanishka
03-08-2007 04:48 AM
Thanks for your reply. If I open a command prompt window on the client and type "telnet ASA_public_address 10000" I get a connection established--this means that the ASA is "listening" on port 10000 as it should be. No port forwarding is configured. ipsec over tcp is enabled/selected on the client. When I select ipsec-over-udp, everything works. I also have the statement isakmp tcp-over-tcp port 10000.
Jon
03-08-2007 05:11 AM
Hi,
Try disabling XP SP2 firewall, and then connect on IPsec over TCP.
-Kanishka
03-08-2007 05:52 AM
Kanishka,
That did it. Thank You.
Jon
03-09-2007 02:13 AM
You're welcome.
In case you do not want to disable the SP2 firewall, you can create the exception rules in the SP2 firewall for TCP 10000. Please take a look:
http://ict.cas.psu.edu/training/howto/comm/vpn403-xpsp2.htm#2
*Please rate if helped.
-Kanishka