How do I allow IPSec over TCP through a Cisco ASA?
14,001
Try adding this to your asa config:
policy-map global_policy
class inspection_default
inspect ipsec-pass-thru
Related videos on Youtube
16 : 11
Cisco ASA Firewall Remote Access IPSec VPN Basic Configuration
08 : 49
Cisco ASA - Remote Access VPN (IPSec)
19 : 49
How to Configure Site-2-Site IPSec VPN Between CISCO ASA Firewall
23 : 19
CCIE Sec - VTI IPsec tunnel between Cisco ASA and IOS - BGP over VTI
01 : 37
DevOps & SysAdmins: How do I allow IPSec over TCP through a Cisco ASA? (2 Solutions!!)
Author by
Matt
I currently work for Blue Dot Solutions, which is a mobile software company designing and developing mobile applications and MVC frameworks for mobile development. I've been in IT for 8 years, designing maintaining Blue Dot's network. I have extensive experience with VMWare, Cisco, SQL Server, Linux firewalls, IIS, and Windows OS.
Updated on September 17, 2022Comments
-
Matt almost 2 years
I have a internal user that needs to connect via VPN to an external company. The external company's vpn is using IPSec over TCP on port 57369. When my user tries to connect it fails. The logs on my ASA show the following. Deny TCP (no connection) from 172.x.x.x/1155 to 167.x.x.x/57369 flags RST on interface Inside
How do I allow this traffic through my ASA?
Thanks!
-
Matt over 14 yearsThe external company's IP is 167.124.0.37. My internal network is 172.x.x.x. It's odd that the firewall is denying an internal address from going out.
-
-
Matt over 14 yearsThanks for the reply, but still have the same issue.
-
einstiien over 14 yearsipsec-passthru is for regular ipsec traffic. He is talking about IPSec over TCP.
-
smithian over 14 yearsSorry, my fault for misreading the question. If you post your config and output of sh ver I will have a look. What you are trying to do should just work, I have the same setup in a number of offices.
