EX SSL-VPN: What are the advantages of enabling ESP in Tunnel mode?

Resolution

Question:

What are the advantages and features of enabling ESP in Tunnel mode?

Features and Functionality for ESP Based Tunnel:

ESP (Encapsulating Security Payload) encapsulates and decapsulates packets inside a UDP wrapper (port 4500) so that they can traverse NATs.
Using it can improve the performance of UDP-streaming applications such as VoIP. For more information on ESP, see RFCs 2406 and 3948.

  • ESP encapsulation is the default setting for newly defined communities.
  • UDP port 4500 must be open in network firewalls for traffic to and from the appliance.
  • ESP uses AES128/MD5; on FIPS-enabled devices, AES256/SHA256 is used instead.
  • LZ4 compression is used for both ESP- and SSL-based tunnels.
  • If ESP fails, or if the client does not support it, the SSL tunnel is used automatically instead.
  • Log messages show UDP port 4500 packets for ESP traffic and TCP port 443 packets for SSL tunnel traffic.
  • ESP is configured per community and can be enabled for all network traffic or for UDP traffic only.
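The two points above that matter most when troubleshooting are the RFC 3948 framing on UDP/4500 and the ESP-to-SSL fallback that shows up in logs as TCP/443 only. The following Python is an added example, not SonicWall code: it parses a UDP/4500 payload according to RFC 3948 (one-byte 0xFF NAT keepalive, four-zero-byte Non-ESP marker for IKE, otherwise an ESP header with SPI and sequence number per RFC 2406), and it scans constructed firewall log lines (the `key=value` format is an assumption, not the appliance's real log format) to list clients that never had an allowed UDP/4500 packet and are therefore probably running on the SSL fallback tunnel.

```python
import struct
from collections import defaultdict

ESP_UDP_PORT = 4500   # RFC 3948 UDP-encapsulated ESP
SSL_TCP_PORT = 443    # SSL tunnel fallback


def classify_udp4500_payload(payload: bytes) -> dict:
    """Classify one UDP/4500 payload per RFC 3948 section 2.

    - a single 0xFF byte is a NAT-keepalive
    - four zero bytes (Non-ESP marker) prefix an IKE message; SPI 0 is
      reserved in ESP precisely so this marker cannot be mistaken for a real SPI
    - anything else starts with the ESP header: 32-bit SPI, 32-bit sequence number
    """
    if len(payload) == 1 and payload[0] == 0xFF:
        return {"kind": "nat-keepalive"}
    if len(payload) >= 4 and payload[:4] == b"\x00\x00\x00\x00":
        return {"kind": "ike", "ike_len": len(payload) - 4}
    if len(payload) >= 8:
        spi, seq = struct.unpack("!II", payload[:8])
        return {"kind": "esp", "spi": spi, "seq": seq, "payload_len": len(payload) - 8}
    return {"kind": "malformed", "len": len(payload)}


# Constructed sample log lines (not real appliance output); assumed format:
# <timestamp> src=<ip> dst=<ip> proto=<udp|tcp> dport=<port> action=<allow|drop>
SAMPLE_LOGS = [
    "2024-01-01T10:00:01Z src=203.0.113.10 dst=198.51.100.5 proto=udp dport=4500 action=allow",
    "2024-01-01T10:00:02Z src=203.0.113.10 dst=198.51.100.5 proto=tcp dport=443 action=allow",
    "2024-01-01T10:00:03Z src=203.0.113.22 dst=198.51.100.5 proto=udp dport=4500 action=drop",
    "2024-01-01T10:00:04Z src=203.0.113.22 dst=198.51.100.5 proto=tcp dport=443 action=allow",
    "2024-01-01T10:00:05Z src=203.0.113.33 dst=198.51.100.5 proto=tcp dport=443 action=allow",
]


def parse_log_line(line: str) -> dict:
    """Split the assumed key=value log format into a dict (timestamp dropped)."""
    return dict(kv.split("=", 1) for kv in line.split()[1:])


def tunnel_usage(lines) -> dict:
    """Per source IP: was ESP (UDP/4500) allowed, dropped, and was SSL (TCP/443) seen."""
    per_client = defaultdict(lambda: {"esp_allowed": False, "esp_dropped": False, "ssl": False})
    for line in lines:
        f = parse_log_line(line)
        entry = per_client[f["src"]]
        if f["proto"] == "udp" and int(f["dport"]) == ESP_UDP_PORT:
            if f["action"] == "allow":
                entry["esp_allowed"] = True
            else:
                entry["esp_dropped"] = True
        elif f["proto"] == "tcp" and int(f["dport"]) == SSL_TCP_PORT:
            entry["ssl"] = True
    return dict(per_client)


def clients_likely_on_ssl_fallback(lines) -> list:
    """Clients seen on TCP/443 that never had an allowed UDP/4500 packet.

    The SSL session is always present (it carries the control channel), so the
    signal for fallback is the absence of allowed ESP traffic, not the presence
    of 443. A matching 'drop' on UDP/4500 points at a firewall blocking ESP.
    """
    usage = tunnel_usage(lines)
    return sorted(src for src, u in usage.items() if u["ssl"] and not u["esp_allowed"])


if __name__ == "__main__":
    esp_pkt = struct.pack("!II", 0x12345678, 42) + b"\xAA" * 16
    print(classify_udp4500_payload(esp_pkt))
    print(classify_udp4500_payload(b"\xFF"))
    print(classify_udp4500_payload(b"\x00" * 4 + b"\x01" * 20))
    print(clients_likely_on_ssl_fallback(SAMPLE_LOGS))
```

Running the block against the constructed logs reports 203.0.113.22 (its UDP/4500 packets were dropped, so the firewall rule from the list above is the first thing to check) and 203.0.113.33 (no UDP/4500 at all, consistent with a client that does not support ESP). Feed `classify_udp4500_payload` the UDP payload from a capture on port 4500 to confirm that what arrives is really ESP rather than only IKE or keepalives.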

