Can someone offer a recommendation for TCP or UDP transport for IPSec?
My inclination has been to move our clients over to UDP. The thinking is that most of the applications are TCP and if error correction or retransmission is needed, the application will handle it. I would think that this would remove some overhead from the tunnel and give better throughput, but it's hard to get an objective measurement.
NAT-T (UDP encapsulation on port 4500): It is defined in an IETF draft. Most vendors' products follow NAT-T, so its biggest advantage ...
IPsec over TCP has the advantage that you can specify the port for IPsec encapsulation on your EzVPN server (and you can choose TCP 80, and this port is open on most firewalls, so there is no problem establishing connections for clients).
Introduction: This document describes details on how NAT-T works.
Background: ESP encrypts all critical information, encapsulating the entire inner TCP/UDP datagram within an ESP header. ESP is an IP protocol in the same sense that TCP and UDP are I...
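
The NAT-T framing on UDP port 4500 mentioned in the thread, as an added example that is not part of the original posts: a classifier that tells IKE, UDP-encapsulated ESP and NAT-keepalives apart by the first bytes of the UDP payload. It assumes the framing of RFC 3948 (the published form of NAT-T UDP encapsulation); the function name and sample payloads are constructed for illustration.

```python
import struct

NON_ESP_MARKER = b"\x00" * 4   # four zero bytes precede IKE on UDP 4500 (RFC 3948)
IKE_HEADER = struct.Struct("!8s8sBBBBII")   # fixed 28-byte IKE header

def classify_nat_t_payload(payload: bytes) -> dict:
    """Classify the UDP payload of one datagram seen on port 4500."""
    if payload == b"\xff":
        # One 0xFF octet: NAT-keepalive that holds the NAT mapping open.
        return {"kind": "nat-keepalive"}
    if len(payload) < 8:
        return {"kind": "malformed"}
    if payload[:4] == NON_ESP_MARKER:
        ike = payload[4:]
        if len(ike) < IKE_HEADER.size:
            return {"kind": "malformed"}
        (_ispi, _rspi, _next, ver, exch,
         _flags, _msgid, length) = IKE_HEADER.unpack(ike[:IKE_HEADER.size])
        return {"kind": "ike", "version": f"{ver >> 4}.{ver & 0xF}",
                "exchange_type": exch, "declared_length": length}
    # Anything else is UDP-encapsulated ESP: SPI (never zero), then sequence number.
    spi, seq = struct.unpack("!II", payload[:8])
    return {"kind": "esp-in-udp", "spi": spi, "seq": seq}

# Constructed sample payloads (not captured traffic).
SAMPLE_KEEPALIVE = b"\xff"
SAMPLE_IKE = NON_ESP_MARKER + IKE_HEADER.pack(
    b"\x11" * 8, b"\x00" * 8, 33, 0x20, 34, 0x08, 0, 28)
SAMPLE_ESP = struct.pack("!II", 0xC0FFEE01, 1) + b"\x00" * 16   # placeholder ciphertext

if __name__ == "__main__":
    for name, data in [("keepalive", SAMPLE_KEEPALIVE),
                       ("ike", SAMPLE_IKE), ("esp", SAMPLE_ESP)]:
        print(name, classify_nat_t_payload(data))
```

A firewall or sensor that sees only UDP 4500 needs this first-four-bytes check to tell key exchange from tunnel data, since both share the port.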