Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
503
Views
0
Helpful
3
Replies

NAT-T question on ASA

mjsully
Level 1
Level 1

‎02-12-2009 05:44 PM

I have an ASA that currently has about 100 IPSEC tunnels coming into it. NAT-T is not enabled on the ASA. We have a new customer coming on that is asking for us to enable NAT-T as apparently they have a NAT device on their side in between. My question is, if I enable it on our ASA, what does it do to all the tunnels that don't require it? Is there a way to only run it on this one new tunnel?

Labels:
0 Helpful
3 Replies 3

andrew.prince
Level 10
Level 10

‎02-13-2009 03:44 AM

NAT-T is negotiated at Phase 1 IKE. If you have tunnels that do not require it, they will not use it.

HTH>

0 Helpful

mjsully
Level 1
Level 1
In response to andrew.prince

‎02-13-2009 08:25 AM

thanks. does anyone know if its possible to enable it for just the one tunnel, or does it only get enabled "globally"?

0 Helpful

andrew.prince
Level 10
Level 10
In response to mjsully

‎02-13-2009 08:28 AM

It's a global command - so no, you cannot enable on a per tunnel basis.

0 Helpful
Customers Also Viewed These Support Documents