I'm running IOS 12.4(3a) on my 2821 router. The router is doing NAT for certain IPs and acting as the VPN L2L termination point. My network setup is as follows:
My Router ------ ASA ------- Internet Router ------ Peer Router
The same interface on the router is used for NAT and IPsec termination.
Actually the IPsec traffic passes all the way through the ASA firewall to the internet router and finally to the destination peer router. I've noticed that I have to enable NAT-T on the ASA to bring the IPsec tunnel up and running. I did it and it's up.
But now my router negotiates the ISAKMP SA on port 4500 because of NAT-T and the peer router responds back on port 500. It's a mess: for every 100 ICMP packets sent I got almost 15-20 dropped packets, which is unacceptable behavior.
I need to know whether a workaround is possible, either avoiding NAT-T or configuring QoS.
Appreciate any useful assistance.