
IPSec over TCP -> IKE Initiator unable to find policy

Hi there,

I've tried to set up IPSec over TCP with a VPN-Client V5.0.07.0440 on Win 7 64b to my ASA 5520 (Version 8.2(2)16) according to

http://www.cisco.com/en/US/docs/security/asa/asa70/configuration/guide/ike.html#wp1059912

IPSec over TCP activated at the ASA

crypto isakmp ipsec-over-tcp port 10000

and in the transport tab of the VPN connection 'enable transport tunneling' with IPSec over TCP and port 10000 instead of 'IPSec over UDP'

The connect timed out with error code 412

And this is my log from the ASA:

%ASA-7-710005: TCP request discarded from 178.x.x.x/53225 to INTERNET:212.x.x.x/10000

%ASA-3-713042: IKE Initiator unable to find policy: Intf INTERNET, Src: 212.x.x.x, Dst: 178.x.x.x

%ASA-7-710005: TCP request discarded from 178.x.x.x/53225 to INTERNET:212.x.x.x/10000

%ASA-3-713042: IKE Initiator unable to find policy: Intf INTERNET, Src: 212.x.x.x, Dst: 178.x.x.x

I don't have a clue what's missing here.

I have static crypto maps for the L2L tunnels and the default dynamic crypto map for the VPN clients which come over NAT-T

crypto map INTERNET_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 match address INTERNET_cryptomap_65535.65535

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route

Any ideas?

Thanks in advance,

Robert


mikull.kiznozki
Level 1

Kinda vague with IPSec over TCP, but from what I can see, it might be a proxy ID mismatch.

What is INTERNET_cryptomap_65535.65535? Could you please share the IPs?
