Hmmm, the Cisco client (VPN 3000) allows you to select TCP in order to encapsulate IKE and ESP. That's a great idea if you are dealing with firewall rules that don't allow UDP 500 or protocol 50.

The other interesting thing Cisco has done is to encapsulate ESP inside UDP (port 10000) in order to traverse NAT. (For the Cisco purists, that is PAT, but as Aaron has rebuffed me lately on this point I will defer to the more general Linux Geek definition of NAT.) This overcomes the problem of NAT devices failing to handle Protocol 50 (ESP). Similarly, NAT-T uses UDP port 4500 by default; however, this can be done on TCP as well, which might also be what you were recalling. All of these options are simple to select on the client and on the concentrator if you can tear yourself away from a CLI and gaze at a GUI for a few minutes.

-----Original Message-----
From: John Beimler [mailto:[EMAIL PROTECTED]
Sent: Friday, February 25, 2005 11:08 AM
To: Triangle Linux Users Group discussion list
Subject: Re: [TriLUG] help! IPsec VPN over SSH?

The Cisco VPN client can also be configured to tunnel itself over TCP. I'm not sure how, but I had to configure it to be able to use our VPN at a few customer sites last year. It wasn't difficult, it was a simple config setting; I just can't remember which one.

Peace.
john

--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
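The encapsulation variants discussed in this thread (native ESP, IKE on UDP 500, NAT-T on UDP 4500, Cisco's ESP-over-UDP on port 10000), as an added example that is not from the thread or from Cisco: a small classifier that names which variant a packet belongs to, using the RFC 3948 non-ESP marker to tell IKE from ESP on port 4500, and then reports which variants a firewall allow-list would drop. It assumes UDP 10000 is the unchanged Cisco default and uses constructed packets, not a real capture.

```python
from dataclasses import dataclass
ESP_PROTO, UDP_PROTO = 50, 17
IKE_PORT, NAT_T_PORT = 500, 4500
CISCO_UDP_PORT = 10000  # Cisco IPsec-over-UDP default named in the thread (assumed unchanged)

@dataclass
class Packet:
    proto: int      # IP protocol number: 17 = UDP, 50 = ESP
    dport: int      # UDP destination port, 0 when not UDP
    payload: bytes  # leading bytes of the UDP payload (or of the ESP header)

def classify(pkt: Packet) -> str:
    """Name the IPsec transport variant a packet belongs to, or 'other'."""
    if pkt.proto == ESP_PROTO:
        return "esp-native"
    if pkt.proto != UDP_PROTO:
        return "other"
    if pkt.dport == IKE_PORT:
        return "ike"
    if pkt.dport == NAT_T_PORT:
        # RFC 3948: IKE on 4500 is prefixed with a 4-byte zero "Non-ESP marker";
        # ESP starts with its SPI, which is never zero; a lone 0xFF byte is a NAT keepalive.
        if pkt.payload == b"\xff":
            return "nat-t-keepalive"
        if pkt.payload[:4] == b"\x00\x00\x00\x00":
            return "nat-t-ike"
        return "nat-t-esp" if len(pkt.payload) >= 8 else "nat-t-malformed"
    if pkt.dport == CISCO_UDP_PORT:
        return "esp-over-udp-cisco"
    return "other"

REQUIRED_RULE = {  # allow-list entry each variant needs: ("ip", proto) or ("udp", port)
    "ike": ("udp", IKE_PORT), "esp-native": ("ip", ESP_PROTO),
    "nat-t-ike": ("udp", NAT_T_PORT), "nat-t-esp": ("udp", NAT_T_PORT),
    "nat-t-keepalive": ("udp", NAT_T_PORT), "esp-over-udp-cisco": ("udp", CISCO_UDP_PORT),
}

def blocked_variants(policy: set, pkts) -> list:
    # Variants present in pkts that an allow-list policy would silently drop.
    seen = {classify(p) for p in pkts}
    return sorted(k for k in seen if k in REQUIRED_RULE and REQUIRED_RULE[k] not in policy)

# Constructed sample traffic (not a real capture): one packet per variant.
SAMPLE = [
    Packet(17, 500, bytes(28)),                          # IKE, plain UDP 500
    Packet(50, 0, b"\x12\x34\x56\x78" + bytes(12)),      # native ESP, SPI 0x12345678
    Packet(17, 4500, bytes(4) + bytes(28)),              # IKE behind the NAT-T marker
    Packet(17, 4500, b"\x12\x34\x56\x78" + bytes(12)),   # ESP in UDP 4500
    Packet(17, 4500, b"\xff"),                           # NAT-T keepalive
    Packet(17, 10000, b"\x12\x34\x56\x78" + bytes(12)),  # Cisco IPsec over UDP
]
```

Run against the classic "UDP 500 plus protocol 50 only" policy, `blocked_variants({("udp", 500), ("ip", 50)}, SAMPLE)` lists every NAT-friendly variant, which is exactly the gap the thread's TCP and UDP encapsulation options exist to work around.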
