Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSS and IPSec

Not able to establish the IPSec remote access VPN from the inside zone of the firewall.

Connectivity:

Inside network is connected to the inside interface of the firewall.

Firewall outside interface is connected to the CSS

CSS is connected to ISP-1 and ISP-2

Please suggest, how to enable the NAT transparency is CSS to work the IPSec RA VPN ?

Is it possible?

Thanks

3 REPLIES
Cisco Employee

Re: CSS and IPSec

the CSS does not support IPSEC or GRE and can't even route this traffic.

Gilles.

New Member

Re: CSS and IPSec

Gilles,

To confirm your statement. Are you saying that an IPsec tunnel cannot be routed through the CSS even when it is only being routed and not part of any content rule / group / flow?

While I'm asking, is this true of the ACE products as well?

Thanks,

Rob

Cisco Employee

Re: CSS and IPSec

Rob,

that's correct. The CSS will reject protocol type that are not icmp,tcp or udp.

Even if not loadbalanced.

ACE does not have this limitation.

Gilles.

150
Views
0
Helpful
3
Replies