cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4176
Views
0
Helpful
0
Comments
TCC_2
Advocate
Advocate

Core issue

When the VPN client user tries to terminate IPsec over TCP connection on the external interface of VPN Concentrator, the Concentrator does not accept IPsec over TCP connections on

this interface regardless of it is allowed in a filter and sends pack a reset packet. This occurs since this feature is not yet supported.

Note: IPsec over TCP is supported only on the public interface of VPN Concentrators.

Resolution

In order to workaround this issue, complete one of these steps:

  • Terminate the VPN client on the public interface of Concentrator.
  • Or, configure NAT-T or IPsec over User Datagram Protocol (UDP), which works on the external interface, instead of IPsec over TCP.

Refer to the IPSec | NAT Transparency section of Tunneling and Security for more information about IPsec over TCP and NAT -T.

For more information refer to How to configure NAT Transparency


Note: When both NAT-T and IPsec over UDP are enabled, NAT-T takes precedence.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Quick Links