cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
493
Views
0
Helpful
3
Replies

NAT-T question on ASA

mjsully
Level 1
Level 1

I have an ASA that currently has about 100 IPSEC tunnels coming into it. NAT-T is not enabled on the ASA. We have a new customer coming on that is asking for us to enable NAT-T as apparently they have a NAT device on their side in between. My question is, if I enable it on our ASA, what does it do to all the tunnels that don't require it? Is there a way to only run it on this one new tunnel?

3 Replies 3

andrew.prince
Level 10
Level 10

NAT-T is negotiated at Phase 1 IKE. If you have tunnels that do not require it, they will not use it.

HTH>

thanks. does anyone know if its possible to enable it for just the one tunnel, or does it only get enabled "globally"?

It's a global command - so no, you cannot enable on a per tunnel basis.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: