When the VPN client user tries to terminate IPsec over TCP connection on the external interface of VPN Concentrator, the Concentrator does not accept IPsec over TCP connections on
Note: IPsec over TCP is supported only on the public interface of VPN Concentrators.
In order to workaround this issue, complete one of these steps:
Refer to the IPSec | NAT Transparency section of Tunneling and Security for more information about IPsec over TCP and NAT -T.
For more information refer to How to configure NAT Transparency
Note: When both NAT-T and IPsec over UDP are enabled, NAT-T takes precedence.