I understand the issue with performance of IPSEC vs. TCP/IP over satellite. I'm looking for some way to do a site-to-site IPSEC VPN over TCP so that the TCP spoofing enhancements will work. I know that the VPN concentrators will allow IPSEC over TCP, but I haven't found how to configure that in IOS. Pointers to third-party products that solve this issue would also be appreciated.
VPN 3000 series concentrators can do it. You could install one at the head end, and put 3002 hardware concentrators at the end sites. I don't think there are any plans for IOS to support this, as it seems to be a real differentiating feature for the concentrators, but maybe the Cisco folks can say otherwise.
Why do you think the TCP spoofing enhancements provide much benefit in addition to that of IPSec?
The TCP spoofing enhancements are used to allow the window to continue without waiting for the real ACKs from the distant end, which will take .5 seconds. Since IPSEC packets don't use TCP, this won't help, so we transmit and wait for the ACK.