Hi, I'm configuring an IPSEC VPN infrastructure with ASA5510 for around 100 concurrent Cisco VPN Clients and I'm wondering which one of the two IPSEC tunneling techniques (IPSEC over UDP or IPSEC over TCP) could be the best for serving my users. I want the solution that will minimize the number of calls received by the helpdesk. Thanks
I already know all this stuff, but the real question is the following: Is it better to use IPSEC over UDP or IPSEC over TCP? I've seen somewhere that IPSEC over UDP was not compatible with stateful firewalls. I just want to be sure I make the right decision... but the NAT-T is not part of my choice... thanks!!
A stateful firewall has no means to keep track of a UDP session. All it can do is look at the session and time it out if it sees no traffic for a specified amount of time. As for a TCP session, the stateful firewall can reset the session and track its session numbers. That is the only difference between the two. TCP would be the more secure of the two with respect to session observation...