IPSEC over UDP vs IPSEC over TCP

Unanswered Question
Feb 12th, 2008
User Badges:

Hi, I'm configuring a IPSEC VPN infrastructure with ASA5510 for around 100 concurent Cisco VPN Client and I'm wondering which one of the two IPSEC tunneling technics (IPSEC over UDP or IPSEC over TCP) could be the best for serving my users. I want the solution that will minimize the amount of call received by the helpdesk. Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
m.renaud.vsnl Tue, 02/12/2008 - 12:14
User Badges:

I already know all this stuff but the real question is the follow: Is it better to use IPSEC over UDP or IPSEC over TCP ? I've seen somewhere that IPSEC over UDP was not compatible with Statefull firewall. I just want to be sure I take the right decision...but the NAT-T is not part of my choice....thanks !!

pciaccio Tue, 02/12/2008 - 12:28
User Badges:
  • Silver, 250 points or more

A statefull firewall has no means to keep track of a UDP session. All it can do is look at the session and time it out if it sees no traffic for a specified amount of time. As for a TCP session the statefull firewall can reset the session and track its session numbers. That is the only difference between the two. TCP would be the more secure of the two with respect to session observation...


This Discussion