05-02-2014 07:48 AM
Hi,
I need to link 2 sites together.
My internet providers do not provide VPN passthrough (ESP) protocol or the possibility to put the modem or boxes in bridge mode. Look at the following discussion for more details.
https://supportforums.cisco.com/discussion/12186456/vpn-ipsec-not-working-solved
Is there a way to link the 2 sites together with security?
I have to say that GRE protocol works fine.
Thanks
05-04-2014 08:06 AM
Hi,
There are two methods that can overcome this issue.
1. IPsec over UDP
IPsec peers try to discover whether a NAT/PAT device is in between by means of the NAT-D payload. If so, the two IPsec peers will automatically use UDP port 4500 to set up the IPsec session. After the control plane is established successfully, data-plane traffic such as ESP will also be encapsulated in UDP port 4500; in this way it can overcome ESP being blocked by the service provider. This method does not need any configuration, provided the 2 peers support this feature.
However, if there is no NAT device in between, IKE will be negotiated in native mode (UDP 500) and data-plane traffic will be encapsulated in ESP; the data traffic will fail if ESP is blocked by the SP.
2. IPsec over TCP
This method requires configuring CTCP on both sides manually, for example 'crypto isakmp ctcp port 10000' on both sides. Then both control-plane and data-plane traffic will be encapsulated in TCP; in this way it can also overcome ESP being blocked by the service provider.
Regards,
David
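The NAT-D check described in the reply above, as an added example (not written by anyone in this thread and not Cisco code): it computes the RFC 3947 hash over the IKE cookies, IP address and port, and shows why a path with no NAT stays on UDP 500 with native ESP. The cookies, addresses and function names are constructed for illustration.

```python
import hashlib
import ipaddress
import struct


def nat_d_hash(cky_i, cky_r, ip, port, algo="sha1"):
    """RFC 3947 sec. 3.2: HASH(CKY-I | CKY-R | IP | Port), negotiated hash."""
    data = cky_i + cky_r + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.new(algo, data).digest()


def build_nat_d(cky_i, cky_r, local, remote):
    """Sender: first NAT-D payload covers the remote end, second the local end."""
    return [nat_d_hash(cky_i, cky_r, *remote), nat_d_hash(cky_i, cky_r, *local)]


def select_transport(cky_i, cky_r, payloads, seen_src, seen_dst):
    """Receiver: compare the NAT-D hashes with the addresses actually seen in
    the IP/UDP header and pick the encapsulation that follows."""
    dst_ok = payloads[0] == nat_d_hash(cky_i, cky_r, *seen_dst)
    src_ok = payloads[1] == nat_d_hash(cky_i, cky_r, *seen_src)
    if dst_ok and src_ok:
        # No translation on the path: IKE stays on UDP 500 and the data plane
        # is native ESP, which fails if the provider drops IP protocol 50.
        return {"nat": False, "ike_port": 500, "data_plane": "ESP"}
    # A hash mismatch means an address or port was rewritten: float to 4500.
    return {"nat": True, "ike_port": 4500, "data_plane": "ESP in UDP 4500"}


# Constructed sample values (documentation address ranges, made-up cookies).
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("a1a2a3a4a5a6a7a8")
INITIATOR = ("192.168.1.10", 500)
RESPONDER = ("203.0.113.20", 500)
NATTED_SRC = ("198.51.100.7", 1024)  # what the responder sees behind a PAT box


def demo():
    sent = build_nat_d(CKY_I, CKY_R, local=INITIATOR, remote=RESPONDER)
    direct = select_transport(CKY_I, CKY_R, sent, INITIATOR, RESPONDER)
    natted = select_transport(CKY_I, CKY_R, sent, NATTED_SRC, RESPONDER)
    return direct, natted


if __name__ == "__main__":
    for label, result in zip(("no NAT on path", "PAT on path"), demo()):
        print(label, "->", result)
```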
05-06-2014 12:27 AM
Thanks for the information.
I have looked everywhere to find out how to do it, but I do not have the command to follow the examples. I only found how to listen on port 10000.
router (config)# crypto ctcp port 10000
Now, I need to know which command I need to type to be able to use TCP?
For your info, I have this boot system flash c800-universalk9-mz.SPA.152-4.M6.bin
thanks
05-09-2014 01:26 PM
The only way to make a Site-to-Site VPN work on port 10000 is by doing EzVPN.
Router(config-crypto-ezvpn)#do sh run | sec crypto
crypto ipsec client ezvpn vpn-hw-client
 connect auto
 ctcp port 10000
I hope this helps!