cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1650
Views
0
Helpful
3
Replies

IPSEC over satellite (VSAT)

r-reed
Level 1
Level 1

I understand the issue with performance of IPSEC v.s. TCP/IP over satellite. I'm looking for someway to do a site-to-site IPSEC VPN over TCP so that the TCP spoofing enhancements will work. I know that the VPN concentrators will allow IPSEC over TCP, but I haven't found how to configure that in IOS. Pointers to third part products that solve this issue would also be appreciated.

3 Replies 3

mostiguy
Level 6
Level 6

vpn 3000 series concentrators can do it. You could install one at the head end, and put 3002 hardware concentrators at the end sites. I don't think there are any plans for IOS to support this as it seems to a a real differentating feature for the concentrators, but maybe the Cisco folks can say otherwise

Why do you think the tcp spoofing enhancements provide much benefit in addition to that of IPSec?

The tcp spoofing enhancements are used to allow the window to continue without waiting for the real acks from the distant end which will take .5 seconds. Since IPSEC packets don't use tcp this won't help so we transmit and wait for ack.

Hi,

 

Could you please explain the issue with performance of IPSEC v.s. TCP/IP over satellite?

Regards,

Fida 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: