ipsec over tcp and vpn load sharing on asa?

Unanswered Question
Jan 28th, 2009


I've installed a VPN cluster (2xASA5550).

Some of the VPN-Clients are using IPsec over TCP to connect. If the vpnclient configures the real ip address of asa everything works fine. If the vpnclient configures the cluster ip address no connection could established.

BTW load sharing with ipsec over udp is working without problems.

Doesn't vpn load sharing work with ipsec over tcp ?

Any experience ?



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
didyap Tue, 02/03/2009 - 18:34

Make sure that IPSec over TCP does not work with proxy-based firewalls. IPSec over TCP works with both the VPN Software Client and the VPN 3002 Hardware Client. It is a client to concentrator feature only. It does not work for LAN-to-LAN connections. The VPN 3000 Concentrator can simultaneously support standard IPSec, IPSec over TCP, and IPSec over UDP, based on the client with which it exchanges data. The VPN 3002 Hardware Client, which supports one tunnel at a time, can connect using standard IPSec, IPSec over TCP, or IPSec over UDP.


This Discussion