RE: NAT-T, IPSec over UDP 10000 & TCP 10000 - remote access VPN

From: Kim Teu ??? Teu Kim Loon <kim.teu_at_gmail.com>
Date: Fri, 22 Jan 2010 09:21:24 -0600

Yes, NAT-T UDP 4500 and IPSec over UDP are working fine. I also have the
"IPSEC over UDP"/NAT-T option on the VPN client enabled. My question is:
when would one protocol be used over the other?

Thanks.

Kim

  _____

From: Farrukh Haroon [mailto:farrukhharoon_at_gmail.com]
Sent: Friday, January 22, 2010 4:55 AM
To: Kim Teu ??? Teu Kim Loon
Cc: security_at_groupstudy.com; ccielab_at_groupstudy.com
Subject: Re: NAT-T, IPSec over UDP 10000 & TCP 10000 - remote access VPN

Did you enable the "IPSEC over UDP"/NAT-T option on the VPN client? Just
have to check an option in the VPN client properties.

On Fri, Jan 22, 2010 at 12:22 AM, Kim Teu ??? Teu Kim Loon
<kim.teu_at_gmail.com> wrote:

Hello Expert,
When NAT-T, IPSec over UDP 10000 & TCP 10000 is enabled, what's the order of
operation? Is NAT-T always the priority?

I have an ASA VPN head end with Remote Access VPN configured and NAT-T
enabled.

A PC user with the Cisco VPN client at a remote site behind an FWSM is having a
problem connecting using UDP 4500. The connection is going over IP-Proto 50. It's
only working when I enable IPSec over UDP 10000 or allow IP-Proto 50
inbound.

The client site firewall has outbound permit any any.

Any idea why?

Received on Fri Jan 22 2010 - 09:21:24 ART
