Problem with UDP Nat-T

Unanswered Question
Oct 11th, 2007

Has anyone else seen a problem with the Cisco VPN client versions 4.8 and 5.0. We have always used the NAT-T successfully. After upgrading to version 4.8 and 5.0 the UDP connections no longer work. TCP works but UDP doesn't. All of the previos older clients work just fine. Anyone else seen this.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ebreniz Wed, 10/17/2007 - 10:50

IKE fragmentation on the Cisco VPN client 4.0.5.D and above is broken for UDP, and fragmentation at IP level is used instead, IKE fragmentation seems to work correctly for TCP encapsulated IKE packets (which are TCP/500), configuring TCP encapsulation could be used as a workaround. Change that affect the packets going from the main location to the spokes on the port UDP 500. When you enable nat-t you allowed the connection on a different port letting the other routers to be aware of it and try another port for connection.

Actions

This Discussion