Cisco Support Community

New Member

IPSEC over TCP for IOS


I'm using a Cisco 7200 router as a VPN gateway for our Easy-VPN clients. The problem is that I need to tunnel the IPSEC traffic over TCP. By now I have only found out that the concentrator is able to tunnel IPSEC via TCP.

Does anybody know if it is planned to put this feature into Cisco IOS?

New Member

Re: IPSEC over TCP for IOS

Your request is not clear. You can use TCP or UDP for IPSEC. For example, when you use NAT the following will happen:

There are a number of incompatibilities when dealing with IPsec ESP/AH with NAT. To overcome the ESP limitations, the Cisco VPN client wraps the ESP packets within a UDP wrapper. This requires the server side to be able to strip off the UDP header and then perform decryption. The server should also be able to encapsulate the packets it encrypts with a UDP wrapper.

New Member

Re: IPSEC over TCP for IOS


I'll try to give a more detailed description of our problem.

We are using the Easy-Vpn Client which connects to a router running IOS 12.3.

Our users are connecting from a provider network with public IP addresses to the gateway.

Only one user can establish a VPN session. Concurrent sessions fail. Even the use of transparent tunnel mode doesn't fix the problem, because from my understanding the provider router / NAT device must support this.

So I think the only way to solve the problem is to use transparent tunnel over TCP like it is supported on the concentrator.

Cisco Employee

Re: IPSEC over TCP for IOS


The feature which you are looking for is NAT-T (NAT Traversal). It uses UDP 4500. IOS 12.3 already has this feature. Make sure the VPN clients are 3.6 and above. IPsec over TCP is supported only on Concentrators.
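
An added example, not part of the thread and not Cisco code: a small classifier for what arrives on UDP 4500 when NAT-T is in use, useful for confirming in a capture that clients really are sending ESP inside UDP. It assumes the RFC 3948 framing (the thread only names the port); the function names and sample packets are constructed for illustration.

```python
import struct

NAT_T_PORT = 4500               # UDP port the thread names for NAT-T
NON_ESP_MARKER = b"\x00" * 4    # RFC 3948: four zero bytes precede IKE on 4500
IKE_HDR = struct.Struct("!8s8sBBBBII")   # fixed 28-byte ISAKMP header
ESP_HDR = struct.Struct("!II")           # SPI + sequence number


def strip_udp_header(datagram: bytes):
    """Return (src_port, dst_port, payload) after validating the UDP length."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, _cksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("UDP length field does not match datagram")
    return sport, dport, datagram[8:length]


def classify(datagram: bytes) -> dict:
    """Say what a gateway would find inside one UDP datagram."""
    sport, dport, payload = strip_udp_header(datagram)
    if NAT_T_PORT not in (sport, dport):
        return {"kind": "not-nat-t"}
    if payload == b"\xff":                       # one-byte NAT keepalive
        return {"kind": "nat-keepalive"}
    if payload[:4] == NON_ESP_MARKER:            # IKE, not ESP
        if len(payload) < 4 + IKE_HDR.size:
            return {"kind": "malformed"}
        _i, _r, _np, ver, exch, _fl, _mid, _len = IKE_HDR.unpack_from(payload, 4)
        return {"kind": "ike", "version": f"{ver >> 4}.{ver & 15}", "exchange": exch}
    if len(payload) <= ESP_HDR.size:             # need SPI, seq and some data
        return {"kind": "malformed"}
    spi, seq = ESP_HDR.unpack_from(payload)
    return {"kind": "esp-in-udp", "spi": spi, "seq": seq, "esp_len": len(payload)}


def udp(sport: int, dport: int, payload: bytes) -> bytes:
    # Hypothetical helper: builds a UDP datagram (checksum 0) for the samples.
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

# Constructed samples, not captured traffic.
SAMPLES = {
    "esp": udp(1027, 4500, ESP_HDR.pack(0x12345678, 1) + bytes(16)),
    "ike": udp(1027, 4500, NON_ESP_MARKER + IKE_HDR.pack(b"A" * 8, bytes(8), 1, 0x10, 2, 0, 0, 28)),
    "keepalive": udp(1027, 4500, b"\xff"),
}

if __name__ == "__main__":
    for name, dgram in SAMPLES.items():
        print(name, classify(dgram))
```

If a capture from a failing client shows only IP protocol 50 or UDP 500 and nothing on UDP 4500, NAT-T was not negotiated for that session.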