Cisco Support Community

New Member

IPSEC over UDP vs IPSEC over TCP

Hi, I'm configuring an IPSEC VPN infrastructure with ASA5510 for around 100 concurrent Cisco VPN Clients and I'm wondering which one of the two IPSEC tunneling techniques (IPSEC over UDP or IPSEC over TCP) could be the best for serving my users. I want the solution that will minimize the number of calls received by the helpdesk. Thanks

3 REPLIES
Gold

Re: IPSEC over UDP vs IPSEC over TCP

Just enable NAT-T. There will be no additional configuration needed on the VPN client.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ike.html#wp1120836

New Member

Re: IPSEC over UDP vs IPSEC over TCP

I already know all this stuff but the real question is the following: Is it better to use IPSEC over UDP or IPSEC over TCP? I've seen somewhere that IPSEC over UDP was not compatible with stateful firewalls. I just want to be sure I make the right decision... but NAT-T is not part of my choice... thanks!!

Silver

Re: IPSEC over UDP vs IPSEC over TCP

A stateful firewall has no means to keep track of a UDP session. All it can do is look at the session and time it out if it sees no traffic for a specified amount of time. As for a TCP session, the stateful firewall can reset the session and track its session numbers. That is the only difference between the two. TCP would be the more secure of the two with respect to session observation...
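
The difference described in the reply above, modeled as a toy state table (an added example, not part of the original thread and not Cisco code): a UDP flow is held only by an idle timer, while a TCP flow is also followed through its flags. The class name, the timeout values and the flow tuples are assumptions chosen for illustration.

```python
from dataclasses import dataclass

UDP_IDLE, TCP_IDLE = 30, 3600  # assumed idle timeouts in seconds (illustrative)

@dataclass
class Entry:
    proto: str
    last_seen: float
    state: str  # UDP: always "OPEN"; TCP: SYN_SENT -> ESTABLISHED -> CLOSED

class StatefulFirewall:
    """Toy state table: inside hosts open flows, outside may only reply."""
    def __init__(self):
        self.table = {}

    def _live(self, key, now):
        e = self.table.get(key)
        if e is None:
            return None
        limit = UDP_IDLE if e.proto == "udp" else TCP_IDLE
        if e.state == "CLOSED" or now - e.last_seen > limit:
            del self.table[key]  # expired or torn down: forget the flow
            return None
        return e

    def outbound(self, key, proto, now, flags=""):
        e = self._live(key, now)
        if e is None:
            if proto == "tcp" and "S" not in flags:
                return False  # TCP without a SYN cannot create state
            e = self.table[key] = Entry(proto, now, "SYN_SENT" if proto == "tcp" else "OPEN")
        return self._update(e, now, flags)

    def inbound(self, key, now, flags=""):
        e = self._live(key, now)
        return False if e is None else self._update(e, now, flags)

    @staticmethod
    def _update(e, now, flags):
        e.last_seen = now
        if e.proto == "tcp":
            if "R" in flags or "F" in flags:
                e.state = "CLOSED"  # simplification: close on first FIN/RST
            elif e.state == "SYN_SENT" and "S" in flags and "A" in flags:
                e.state = "ESTABLISHED"
        return True
```

With these assumed values, a reply arriving 31 seconds after the last UDP packet is dropped, while the TCP flow survives ten idle minutes and ends only when a FIN or RST is seen.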
