From the Configuration guide:
"With the exception of the home zone on the Cisco ASA 5505, the security
appliance can simultaneously support standard IPsec, IPsec over TCP, NAT-T,
and IPsec over UDP, depending on the client with which it is exchanging
data. When both NAT-T and IPsec over UDP are enabled, NAT-T takes
precedence. IPsec over TCP, if enabled, takes precedence over all other
connection methods."
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ike.html#wp1120836
Regards
Farrukh
On Fri, Jan 22, 2010 at 12:22 AM, Kim Teu ??? Teu Kim Loon <kim.teu_at_gmail.com> wrote:
> Hello Expert,
> When NAT-T, IPSec over UDP 10000 & TCP 10000 are enabled, what's the order of
> operation? Is NAT-T always the priority?
>
> I have an ASA VPN head end with Remote Access VPN configured and NAT-T
> enabled.
>
> PC User with Cisco VPN client at a remote site behind FWSM is having a problem
> connecting using UDP 4500. The connection is going over IP-Proto 50. It's
> only working when I enabled IPSec over UDP 10000 or allow IP-Proto 50
> inbound.
>
> The client site firewall has outbound permit any any.
>
> Any idea why?
>
>
> Blogs and organic groups at http://www.ccie.net
Received on Fri Jan 22 2010 - 07:35:13 ART