Cisco Support Community

New Member

EasyVPN and TCP ports

Hey folks,

Got another problem with EasyVPN that requires some assistance.

Or actually, not as much a problem but more a wish.

I saw that EasyVPN is able to send the VPN traffic over TCP.

You can also specify the port to use.

vpnclient ipsec-over-tcp port <port number>

Now it would be really great if it would be possible to set up the tunnel over a standard port that is open on most firewalls: 443.

Unfortunately when I do this:

vpnclient ipsec-over-tcp port 443

The tunnel is gone and won't set itself back up.

Is it possible to do this, and send it over 443 or another standard port?

The errors/messages in the EasyVPN server log:

Built inbound TCP connection 625 for outside:10.1.0.2/1075 (10.1.0.2/1075) to identity:10.0.0.1/443 (10.0.0.1/443)

Teardown TCP connection 625 for outside:10.1.0.2/1075 to identity:10.0.0.1/443 duration 0:00:08 bytes 0 TCP Reset-O

Any ideas on this?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: EasyVPN and TCP ports

Unfortunately can't use any of the well-known ports, i.e. anything below port 1024.

3 REPLIES
Cisco Employee

Re: EasyVPN and TCP ports

Unfortunately not on port 443. You would need to use a TCP port higher than 1024 for the ipsec-over-tcp port#.

TCP/443 is application specific (well-known port) for HTTPS, therefore you can't use it, and most firewall/application inspection devices would inspect it as normal HTTPS traffic, and ipsec-over-tcp does not resemble HTTPS.

New Member

Re: EasyVPN and TCP ports

Yeah, that's why 443 would have been great, as it is open pretty much always, even at external clients' LANs.

Is there any other common port that can be used?

Cisco Employee

Re: EasyVPN and TCP ports

Unfortunately can't use any of the well-known ports, i.e. anything below port 1024.
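Added example (not part of the original thread and not Cisco code): a small Python check that pairs the Built/Teardown log lines quoted in the first post and flags tunnel attempts to the device's own address that were reset with zero bytes transferred, alongside the port rule as stated in the replies. The function names and the regular expressions are assumptions written for this illustration and only cover the log line shape shown in the post.

```python
import re

# Constructed sample: the two server log lines quoted in the original post.
SAMPLE_LOG = """\
Built inbound TCP connection 625 for outside:10.1.0.2/1075 (10.1.0.2/1075) to identity:10.0.0.1/443 (10.0.0.1/443)
Teardown TCP connection 625 for outside:10.1.0.2/1075 to identity:10.0.0.1/443 duration 0:00:08 bytes 0 TCP Reset-O
"""

BUILT = re.compile(
    r"Built (?:inbound|outbound) TCP connection (?P<id>\d+) for "
    r"(?P<src_if>[\w-]+):(?P<src>[\d.]+)/(?P<sport>\d+) \([^)]*\) to "
    r"(?P<dst_if>[\w-]+):(?P<dst>[\d.]+)/(?P<dport>\d+)")
TEARDOWN = re.compile(
    r"Teardown TCP connection (?P<id>\d+) for .*? duration (?P<dur>[\d:]+) "
    r"bytes (?P<bytes>\d+)(?: (?P<reason>.+))?$")

def port_allowed(port):
    """Rule as stated in the thread replies: a TCP port higher than 1024."""
    return 1024 < port <= 65535

def failed_tunnel_attempts(log_text, tunnel_port):
    """Return connections to the device itself ('identity') on tunnel_port
    that were torn down by a TCP reset without carrying any bytes."""
    built, findings = {}, []
    for line in log_text.splitlines():
        m = BUILT.search(line)
        if m:
            built[m["id"]] = m.groupdict()
            continue
        m = TEARDOWN.search(line)
        if not m or m["id"] not in built:
            continue  # teardown without a matching build line: skip
        conn = built.pop(m["id"])
        reason = (m["reason"] or "").strip()
        if (conn["dst_if"] == "identity"
                and int(conn["dport"]) == tunnel_port
                and int(m["bytes"]) == 0
                and reason.startswith("TCP Reset")):
            findings.append({"conn_id": m["id"], "client": conn["src"],
                             "duration": m["dur"], "reason": reason})
    return findings

if __name__ == "__main__":
    port = 443
    print(f"port {port} allowed by the rule in the replies: {port_allowed(port)}")
    for f in failed_tunnel_attempts(SAMPLE_LOG, port):
        print(f"conn {f['conn_id']} from {f['client']}: 0 bytes after "
              f"{f['duration']}, {f['reason']}")
```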
