
New Member

VPN Client 3.5 feature - IPSec over TCP

Hi there,

We have been using VPN client 3.1. What is the difference (advantages and disadvantages) between "IPSec over UDP" and "IPSec over TCP"?

Thanks.

3 REPLIES
New Member

Re: VPN Client 3.5 feature - IPSec over TCP

Depending on where your clients are located, the TCP option is usually simpler and more palatable if your clients are going to be situated behind a firewall. We do this through a number of stateful inspection firewalls with NAT/PAT, etc., as well as some proxying firewalls (with a few limitations).

New Member

Re: VPN Client 3.5 feature - IPSec over TCP

I was unable to use IPSec/UDP or TCP going through a MS Proxy to a VPN3005. I can authenticate the group and user but after that the client hangs on. Could you do that? Thanks.

New Member

Re: VPN Client 3.5 feature - IPSec over TCP

You cannot do IPSEC over UDP or TCP through MS proxy server.

Because MS proxy is not PAT/NAT, it is using an application layer proxy service.

When we are doing IPSEC over UDP or TCP, we re-encapsulate the IPSEC packet into a new UDP or TCP packet, using UDP or TCP port 10000 (can be changed to anything else).

This is the reason why IPSEC/UDP or TCP can pass Microsoft internet connection share (ICS) but not proxy service.

Because ICS is PAT but MS proxy is another story.
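
The contrast drawn in the last reply, as an added example that is not part of the original thread or of any Cisco code: a simplified PAT model can rewrite a UDP-wrapped ESP packet but has no port to work with on raw ESP, and a simplified application-layer proxy refuses bytes that are not its own protocol. The addresses, SPI and all class and function names are constructed for illustration; the wrapper is a plain UDP header, not the VPN client's exact wire format, and the proxy is assumed to relay HTTP requests only.

```python
import struct

ESP, TCP, UDP = 50, 6, 17          # IP protocol numbers
TUNNEL_PORT = 10000                # default port named in the reply above

def ip_packet(proto, src, dst, payload):
    """Minimal model of an IP packet: only the fields a PAT device looks at."""
    return {"proto": proto, "src": src, "dst": dst, "payload": payload}

def esp(spi, seq, ciphertext):
    """ESP starts with a 32-bit SPI and sequence number; it has no port fields."""
    return struct.pack("!II", spi, seq) + ciphertext

def udp_wrap(sport, dport, inner):
    """Prefix an 8-byte UDP header (checksum left at 0) to the inner ESP bytes."""
    return struct.pack("!HHHH", sport, dport, 8 + len(inner), 0) + inner

class Pat:
    """Simplified port address translator keyed on TCP/UDP source port."""
    def __init__(self, public_ip):
        self.public_ip, self.next_port, self.table = public_ip, 40000, {}

    def outbound(self, pkt):
        if pkt["proto"] not in (TCP, UDP):
            return None            # no port to rewrite, so no mapping can be made
        sport, dport = struct.unpack("!HH", pkt["payload"][:4])
        key = (pkt["proto"], pkt["src"], sport)
        if key not in self.table:
            self.table[key] = self.next_port
            self.next_port += 1
        new_l4 = struct.pack("!HH", self.table[key], dport) + pkt["payload"][4:]
        return ip_packet(pkt["proto"], self.public_ip, pkt["dst"], new_l4)

def http_proxy_accepts(stream):
    """Assumed proxy behaviour: relay only what starts like an HTTP request."""
    return stream.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD")

def demo():
    pat = Pat("203.0.113.1")                       # constructed addresses
    inner = esp(0x1234ABCD, 1, b"\x8f" * 32)       # constructed ESP payload
    raw = ip_packet(ESP, "192.168.0.10", "198.51.100.5", inner)
    wrapped = ip_packet(UDP, "192.168.0.10", "198.51.100.5",
                        udp_wrap(5000, TUNNEL_PORT, inner))
    out = pat.outbound(wrapped)
    return {
        "raw_esp_through_pat": pat.outbound(raw),
        "wrapped_src": (out["src"], struct.unpack("!H", out["payload"][:2])[0]),
        "wrapped_dport": struct.unpack("!H", out["payload"][2:4])[0],
        "esp_intact": out["payload"][8:] == inner,
        "proxy_relays_tunnel": http_proxy_accepts(inner),
    }
```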
