IOS - IPSec over TCP

Unanswered Question
Nov 12th, 2007

Hi everyone

I know it's possible to run IPSec over TCP on a Cisco Pix/ASA, but is it possible with Cisco IOS?

Secondly, if the above is possible, can one choose to use no encryption on the tunnel?

Thanks for any assistance.

ajagadee Thu, 11/15/2007 - 20:11

Yes, it is possible to run IPSec Over TCP on the routers. Please refer to the information posted by Gregory in the previous post.

As far as the second part of the question, IPSec Over TCP is an option you use when you have VPN Clients connecting to the IOS Router that is acting as a VPN Server. By enabling the option "IPSec Over TCP", all that you are doing is encapsulating IKE and IPSec packets in a TCP packet. The packets are already encrypted using ESP.

If you are looking to just tunnel traffic across two routers without encryption, then you could use GRE. But again, in GRE there is no encryption, so no confidentiality. So, if you have sensitive traffic flowing across the sites and your security policy is to provide confidentiality for that traffic, do encryption.

I hope it helps.



