Solved: IPsec over tcp

andre8525 · ‎01-04-2012

Hello ,

I am looking for a sample config for IPsec over tcp (port 1000) for cisco 12.4 ios (2610xm)

regards,

Andrew

ajay chauhan · ‎01-05-2012

I dont have cisco link for that but its global command just mentioned the port and allow your outside ACL for port tcp 10000.Once done change the transport setting in your VPN client for TCP port 10000.

Thanks

Ajay

View solution in original post

ajay chauhan · ‎01-04-2012

you need configure "crypto ctcp port 1000" on router and on the Vpn client side, enable ipsec over tcp for the specific port as well.

andre8525 · ‎01-05-2012

I am using advance enterprise ios and that command doesn't exist. Shall i upgrade to security ios?

andre8525 · ‎01-05-2012

Hello Ajay,

I upgrade the router to the version 12.4(9) and now i can use the command "crypto ctcp port 10000". Do you have any documentation how to enable ipsec over tcp?

Thanks

Andrew

ajay chauhan · ‎01-05-2012

I dont have cisco link for that but its global command just mentioned the port and allow your outside ACL for port tcp 10000.Once done change the transport setting in your VPN client for TCP port 10000.

Thanks

Ajay

andre8525 · ‎01-05-2012

Hello Ajay,

After the upgrade and the command which you mention is working and i can connect with the mac book too (unfortunetely Apple prefers only IPsec over tcp)

Thanks

Andrew

ajay chauhan · ‎01-05-2012

So is it solved or something still left ?

andre8525 · ‎01-05-2012

Yes it is

One last question , do you know if i can assign the same ip to spesific vpn client?

ajay chauhan · ‎01-05-2012

Do you mean fixed IP for specific VPN user ?

andre8525 · ‎01-05-2012

Yes

ajay chauhan · ‎01-05-2012

I am sure we do it on ASA but IOS not 100 % sure if authentication id done by Radius then yes attributes can be set.

Might be other knows.

Thanks

Ajay

andre8525 · ‎01-05-2012

No worries,

Thanks for your help

Andrew