Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
4224
Views
0
Helpful
0
Comments

A Cisco VPN client configured for IPsec over TCP is unable to connect to the external interface of VPN Concentrator

TCC_2
Level 10
Level 10

on ‎06-22-2009 05:33 PM

Core issue

When the VPN client user tries to terminate IPsec over TCP connection on the external interface of VPN Concentrator, the Concentrator does not accept IPsec over TCP connections on

this interface regardless of it is allowed in a filter and sends pack a reset packet. This occurs since this feature is not yet supported.

Note: IPsec over TCP is supported only on the public interface of VPN Concentrators.

Resolution

In order to workaround this issue, complete one of these steps:

  • Terminate the VPN client on the public interface of Concentrator.
  • Or, configure NAT-T or IPsec over User Datagram Protocol (UDP), which works on the external interface, instead of IPsec over TCP.

Refer to the IPSec | NAT Transparency section of Tunneling and Security for more information about IPsec over TCP and NAT -T.

For more information refer to How to configure NAT Transparency


Note: When both NAT-T and IPsec over UDP are enabled, NAT-T takes precedence.

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents