Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

A Cisco VPN client configured for IPsec over TCP is unable to connect to the external interface of VPN Concentrator

Core issue

When the VPN client user tries to terminate IPsec over TCP connection on the external interface of VPN Concentrator, the Concentrator does not accept IPsec over TCP connections on

this interface regardless of it is allowed in a filter and sends pack a reset packet. This occurs since this feature is not yet supported.

Note: IPsec over TCP is supported only on the public interface of VPN Concentrators.

Resolution

In order to workaround this issue, complete one of these steps:

  • Terminate the VPN client on the public interface of Concentrator.
  • Or, configure NAT-T or IPsec over User Datagram Protocol (UDP), which works on the external interface, instead of IPsec over TCP.

Refer to the IPSec | NAT Transparency section of Tunneling and Security for more information about IPsec over TCP and NAT -T.

For more information refer to How to configure NAT Transparency


Note: When both NAT-T and IPsec over UDP are enabled, NAT-T takes precedence.

4041
Views
0
Helpful
0
Comments