Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 3040 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPsec tunnel - tcp option 76 & 78

balletbob
Hi,

I've setup an IPsec tunnel between a SG120 and UTM 425 but now my Riverbed appliance can't optimize traffic.
Traffic outside of the IPsec tunnel is optimized just fine.
[:S]

Doing some research shows Cisco ASA IPsec tunnels need to be configured to permit TCP option 76 and TCP option 78 so the Riverbed appliances in full transparency mode work.
Article here

I suspect this is required for the Sophos UTM IPsec tunnels as well.

How can I check and tell the UTM to allow this?

Thanks

Damien


This thread was automatically locked due to age.
Parents
  • 0
    Over the years, this has come up a few times.  As this isn't something configurable from the front-end, no resolution was ever found.  Looking at the documentation for StrongSwan (the software UTM uses for IPSec), I'm not seeing any configuration possibilities for TCP Options.

    Since you have appliances, you must have a paid license.  If so, you really need to open up a support case for this one.  When you do, explain in detail about TCP Options and what your Riverbed appliance is doing, as there's every chance they won't initially understand without explanation.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
Reply
  • 0
    Over the years, this has come up a few times.  As this isn't something configurable from the front-end, no resolution was ever found.  Looking at the documentation for StrongSwan (the software UTM uses for IPSec), I'm not seeing any configuration possibilities for TCP Options.

    Since you have appliances, you must have a paid license.  If so, you really need to open up a support case for this one.  When you do, explain in detail about TCP Options and what your Riverbed appliance is doing, as there's every chance they won't initially understand without explanation.
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
Children
No Data
Unfiltered HTML