New Member

Benefits of TCP vs. UDP transport for IPSec

Can someone offer a recommendation for TCP or UDP transport for IPSec?

My inclination has been to move our clients over to UDP. The thinking is that most of the applications are TCP and if error correction or retransmission is needed, the application will handle it. I would think that this would remove some overhead from the tunnel and give better throughput, but it's hard to get an objective measurement.

  • Other Security Subjects
2 REPLIES
Gold

Re: Benefits of TCP vs. UDP transport for IPSec

NAT-T (UDP encapsulation on port 4500): it is defined in an IETF draft. Most vendors' products follow NAT-T, so its biggest advantage ...

IPSec over TCP has the advantage that you can specify the port for IPSec encapsulation on your EzVPN server (and you can choose TCP 80, and this port is open on most firewalls, so there is no problem establishing connections for clients).

M.

New Member

Re: Benefits of TCP vs. UDP transport for IPSec

Hello Milan. Your answer to this post was really useful to me. I am wondering if you can confirm whether you've tested cTCP or IPSec over TCP on ports 80 or 443... if you did, how did this go?

Your answer on this matter will be greatly appreciated.
