cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
429
Views
0
Helpful
3
Replies

CSS and IPSec

manu.shar
Level 1
Level 1

Not able to establish the IPSec remote access VPN from the inside zone of the firewall.

Connectivity:

Inside network is connected to the inside interface of the firewall.

Firewall outside interface is connected to the CSS

CSS is connected to ISP-1 and ISP-2

Please suggest, how to enable the NAT transparency is CSS to work the IPSec RA VPN ?

Is it possible?

Thanks

3 Replies 3

Gilles Dufour
Cisco Employee
Cisco Employee

the CSS does not support IPSEC or GRE and can't even route this traffic.

Gilles.

Gilles,

To confirm your statement. Are you saying that an IPsec tunnel cannot be routed through the CSS even when it is only being routed and not part of any content rule / group / flow?

While I'm asking, is this true of the ACE products as well?

Thanks,

Rob

Rob,

that's correct. The CSS will reject protocol type that are not icmp,tcp or udp.

Even if not loadbalanced.

ACE does not have this limitation.

Gilles.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: