Solved: IPSec Over TCP

shincanada · ‎06-13-2012

When you configure this option on the ASA, does it affect all VPN's? This is a global config item, if I have existing VPN's working with UDP, but am required to set up a VPN using TCP, do the other VPN's continue to use UDP, or do they fail as the other end is not of the same configuration?

Jennifer Halim · ‎06-13-2012

IPSec over TCP is only supported for remote access vpn client connection to the ASA. It is not supported for LAN-to-LAN VPN tunnel.

And yes, it will affect all remote access vpn client connection to the ASA once you enable it globally.

Here is the document for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/ike.html#wp1059912

View solution in original post

Jennifer Halim · ‎06-13-2012

IPSec over TCP is only supported for remote access vpn client connection to the ASA. It is not supported for LAN-to-LAN VPN tunnel.

And yes, it will affect all remote access vpn client connection to the ASA once you enable it globally.

Here is the document for your reference:

http://www.cisco.com/en/US/docs/security/asa/asa83/configuration/guide/ike.html#wp1059912

shincanada · ‎06-14-2012

Thank You, I enabled last night and so far so good. The note "The adaptive security appliance can simultaneously support standard IPsec, IPsec over TCP, NAT-Traversal, and IPsec over UDP, depending on the client with which it is exchanging data." gives me some reassurance.