Hi Poonam,

On ASA

ASA1(config)# crypto ?

configure mode commands/options:
  ca           Certification authority
  dynamic-map  Configure a dynamic crypto map
  ikev1        Configure IKEv1 policy
  ikev2        Configure IKEv2 policy
  ipsec        Configure transform-set, IPSec SA lifetime, and fragmentation
  isakmp       Configure ISAKMP
  key          Long term key operations
  map          Configure a crypto map

exec mode commands/options:
  ca  Certification authority
ASA1(config)# crypto  ipsec ?

configure mode commands/options:
  df-bit                Set IPsec DF policy
  fragmentation         Set IPsec fragmentation policy
  ikev1                 Set IKEv1 settings
  ikev2                 Set IKEv2 settings
  security-association  Set security association parameters
ASA1(config)# crypto  ipsec

there is no command with ctcp?

Regards

Mahesh

Hello Mahesh,

 My mistake, That command work on router

To enable IPsec over TCP globally on the security appliance, enter the following command:

crypto isakmp ipsec-over-tcp [port port 1...port0]

This example enables IPsec over TCP on port 45:

hostname(config)# crypto isakmp ctcp port 45

Hi Poonam,

ASA1(config)# crypto isakmp ?

configure mode commands/options:
  disconnect-notify  Enable disconnect notification to peers
  identity           Set identity type (address, hostname or key-id)
  nat-traversal      Enable and configure nat-traversal
  reload-wait        Wait for voluntary termination of existing connections
                     before reboot

Still no luck

Regards

Mahesh

Please check the current version if support this feature.

it is 9.1(1).

Hi Poonam,

I config

ASA1(config)# crypto ikev1 ipsec-over-tcp port 10000

after this i was able to connect with IPSEC over TCP fine.

Need to know one thing more that even i did above config if i use IPSEC over

UDP  on User PC vpn client it still works.

Need to know how IPSEC over UDP also works with above config on ASA?

Regards

MAhesh

Many thanks Poonam

MAhesh