CSS and IPSec

Unanswered Question
Oct 18th, 2007
User Badges:

Not able to establish the IPSec remote access VPN from the inside zone of the firewall.

Connectivity:

Inside network is connected to the inside interface of the firewall.

Firewall outside interface is connected to the CSS

CSS is connected to ISP-1 and ISP-2


Please suggest, how to enable the NAT transparency is CSS to work the IPSec RA VPN ?

Is it possible?


Thanks



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Gilles Dufour Thu, 10/18/2007 - 04:48
User Badges:
  • Cisco Employee,

the CSS does not support IPSEC or GRE and can't even route this traffic.


Gilles.

rhholmes Fri, 08/29/2008 - 06:18
User Badges:

Gilles,


To confirm your statement. Are you saying that an IPsec tunnel cannot be routed through the CSS even when it is only being routed and not part of any content rule / group / flow?


While I'm asking, is this true of the ACE products as well?


Thanks,

Rob

Gilles Dufour Mon, 09/01/2008 - 23:45
User Badges:
  • Cisco Employee,

Rob,


that's correct. The CSS will reject protocol type that are not icmp,tcp or udp.

Even if not loadbalanced.


ACE does not have this limitation.


Gilles.

Actions

This Discussion