Cisco Support Community

New Member

IPSec RA with s/w VPN clients to ASA w/IPSec over TCP

I'm having trouble using IPSec over TCP (port 10000) with Cisco s/w clients coming to an ASA ver 7.2(2). I succeed with IPSec over UDP & I can connect ok with a telnet to port 10000. But when I use the VPN client set for IPSec over TCP, I don't get the credentials panel for submitting user and passwd. I do have the isakmp ipsec-over-tcp port 10000 statement. What am I missing?

5 REPLIES
Cisco Employee

Re: IPSec RA with s/w VPN clients to ASA w/IPSec over TCP

Hi,

What do you mean by you are able to connect on tcp port 10000 using telnet?

Is there any port forwarding configured on ASA's outside interface for tcp port 10000?

Do you have "ipsec over tcp" selected on client software as well?

-Kanishka

New Member

Re: IPSec RA with s/w VPN clients to ASA w/IPSec over TCP

Thanks for your reply. If I open a command prompt window on the client and type "telnet ASA_public_address 10000" I get a connection established--this means that the ASA is "listening" on port 10000 as it should be. No port forwarding is configured. ipsec over tcp is enabled/selected on the client. When I select ipsec-over-udp, everything works. I also have the statement isakmp tcp-over-tcp port 10000.

Jon

Cisco Employee

Re: IPSec RA with s/w VPN clients to ASA w/IPSec over TCP

Hi,

Try disabling XP SP2 firewall, and then connect on IPsec over TCP.

-Kanishka

New Member

Re: IPSec RA with s/w VPN clients to ASA w/IPSec over TCP

Kanishka,

That did it. Thank You.

Jon

Cisco Employee

Re: IPSec RA with s/w VPN clients to ASA w/IPSec over TCP

You're welcome.

In case you do not want to disable the SP2 firewall, you can create the exception rules in the SP2 firewall for tcp 10000. Please take a look:

http://ict.cas.psu.edu/training/howto/comm/vpn403-xpsp2.htm#2

*Please rate if helped.

-Kanishka
