What are your thoughts on changing the PCF file from a UDP connection to a TCP connection? Currently we are using UDP in the "enable transport tunneling" section of the Cisco VPN Client.
If we do move them to TCP for the VPN connection, would we consider changing the port from the standard 10000 to ... 25001? If we did that, what would the impact be on the ASAs (hosting all VPN connection termination at HO)?
I am talking about remote-user VPN connections here.
I will appreciate it if anybody can share some knowledge on it.
Before changing the port in the user's PCF, you would also need to configure the ASA to listen on the TCP port. By default, it uses TCP/10000; however, you can change it to any other port. One thing to make sure of is that you don't use an overlapping TCP port that is already used by other applications.
PS: with TCP, there could be slight latency purely due to the nature of the TCP protocol.
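To make the two-sided change above less error-prone, here is an added consistency check (example code, not from the thread or from Cisco) that reads the TCP tunneling settings from a .pcf profile and compares them with the ASA's IPsec-over-TCP listener line. The PCF keys `TunnelingMode`/`TCPTunnelingPort`, the `crypto isakmp ipsec-over-tcp port ...` syntax, the reserved-port list and both sample inputs are assumptions constructed for the example.

```python
"""Check that a Cisco VPN Client .pcf profile and the ASA agree on the
IPsec-over-TCP port, and flag overlap with other TCP services.
Assumed formats: PCF keys TunnelingMode (1 = TCP) and TCPTunnelingPort;
ASA line 'crypto isakmp ipsec-over-tcp [port p1 ... p10]' (default 10000)."""
import configparser
import re
from typing import List, Optional, Set

# Assumed list of TCP ports the ASA typically already serves on the outside
# interface; adjust to the real device before relying on the overlap check.
RESERVED_TCP_PORTS = {22: "ssh", 80: "http", 443: "https / SSL VPN"}

ASA_TCP_RE = re.compile(
    r"^\s*crypto isakmp ipsec-over-tcp(?:\s+port((?:\s+\d+)+))?\s*$", re.M)

def asa_ipsec_over_tcp_ports(asa_config: str) -> Set[int]:
    """TCP ports the ASA listens on for IPsec-over-TCP (empty if disabled)."""
    m = ASA_TCP_RE.search(asa_config)
    if m is None:
        return set()                       # feature not enabled at all
    if m.group(1) is None:
        return {10000}                     # no explicit port: ASA default
    return {int(p) for p in m.group(1).split()}

def pcf_tcp_port(pcf_text: str) -> Optional[int]:
    """TCP tunneling port from the [main] section, or None if UDP is used."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(pcf_text)
    main = cp["main"]                      # keys are matched case-insensitively
    if main.get("TunnelingMode", "0") != "1":
        return None
    return int(main.get("TCPTunnelingPort", "10000"))

def check(pcf_text: str, asa_config: str) -> List[str]:
    """Return human-readable findings for the profile/ASA pair."""
    port = pcf_tcp_port(pcf_text)
    if port is None:
        return ["profile uses UDP transport; no TCP port to check"]
    findings = []
    listening = asa_ipsec_over_tcp_ports(asa_config)
    if port not in listening:
        findings.append(f"ASA not listening on TCP/{port} "
                        f"(configured: {sorted(listening) or 'none'})")
    if port in RESERVED_TCP_PORTS:
        findings.append(f"TCP/{port} overlaps with {RESERVED_TCP_PORTS[port]}")
    return findings or [f"OK: profile and ASA agree on TCP/{port}"]

# Constructed sample inputs (not real profiles or device output).
SAMPLE_PCF = "[main]\nDescription=sample\nHost=vpn.example.com\n" \
             "GroupName=remote-users\nTunnelingMode=1\nTCPTunnelingPort=25001\n"
SAMPLE_ASA = "crypto isakmp enable outside\n" \
             "crypto isakmp ipsec-over-tcp port 10000 25001\n"
```

Run `check(SAMPLE_PCF, SAMPLE_ASA)` after editing the PCF and the ASA line to see whether the profile would actually reach a listening port before rolling it out to users.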
What is your reasoning for moving to IPSec over TCP?
UDP is, for obvious reasons, more efficient in tunneling situations. With IPsec over TCP (IPsec Client) or TLS (AnyConnect), you have to give consideration to the fact that in cases of lost or missing packets, not only will the tunneled TCP traffic send retransmissions, the encrypted packet will do the same.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...