I've been trying to convert all of our VPN sites to EasyVPN for ease of management, etc., but a few of them I have not been able to successfully get working.
My Central ASA5520 is the EasyVPN server and all of the remote firewalls are ASA5505s (7.2(3)-7.2(4)) or PIX501s (various flavors of 6.3(x)).
The ones I have not been able to get working are ones that sit behind someone's home router, like a little Linksys or D-Link or something, that doesn't seem to handle NAT-T properly, and I'm guessing it has to do with UDP being stateless. Two questions:
1. Could IPsec over TCP solve this issue?
2. If I enable IPsec over TCP on my central firewall, does that impact ALL of the clients? I have about 140 connected right now. Or is it similar to NAT-T where it will be used if necessary? Thanks.