11-12-2007 10:18 PM - edited 03-03-2019 07:31 PM
Hi everyone
I know it's possible to run IPSec over TCP on a Cisco Pix/ASA, but is it possible with Cisco IOS?
Secondly, if the above is possible, can one choose to use no encryption on the tunnel?
Thanks for any assistance.
11-15-2007 03:14 PM
11-15-2007 08:11 PM
Yes, it is possible to run IPSec Over TCP on the routers. Please refer to the information posted by Gregory in the previous post.
As far as the second part of the question, IPSec Over TCP is an option you use when you have VPN Clients connecting to the IOS Router that is acting as a VPN Server. By enabling the option "IPSec Over TCP", all that you are doing is encapsulating IKE and IPSEC packets in a TCP packet. The packets are already encrypted using ESP.
If you are looking to just tunnel traffic across two routers without encryption, then you could use GRE. But again, in GRE there is no encryption, so no confidentiality. So, if you have sensitive traffic flowing across the sites and your security policy is to provide confidentiality for that traffic, do encryption.
I hope it helps.
Regards,
Arul