The Cisco documentation for ASA 9.1 (I have 9.1.2) seems to imply that IPsec VPN with TCP/IP is only for remote clients, not site-to-site VPN.

But I repeatedly see people mention VPN over TCP to solve issues.

I'd like to try it for my particular issue, but I don't seem to be able to do it.

Magic phrases include: crypto ikev1 ipsec-over-tcp port 10000 10001 10002 10003 10004 10005 10006 10007 10008 10009

I seem to have enabled it in IKEv1 and I've restricted the site-to-site VPN profile to only use IKEv1, but I don't think I'm getting it.

Maybe also: what should I look at to be sure whether it's a UDP or a TCP VPN tunnel?

Thanks, if anyone out there has done this. -kevin

  • What is your particular issue? – ewwhite May 28 '15 at 11:15
  • I have site-to-site VPN working fine. But the performance is a little below 17 Mbits/sec. The link is 150 Mbits/sec up / 20 Mbits/down on one side. On the other side, it's significantly above 150 Mbits/sec on up and down. From what I can tell, IPsec site-to-site VPN is limited by the bw of the slowest link (causes slowness in both directions). On remote client VPN, I can get asymmetric bw on the 150/20 link. I was wondering if SSL site-to-site VPN has this issue, or site-to-site with TCP. I've since read more and apparently Cisco doesn't support SSL site-to-site VPN, nor TCP site-to-site VPN. – knormoyle Jun 09 '15 at 08:02

0 Answers