Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
505
Views
5
Helpful
3
Replies

isakmp nat-traversal

ronshuster
Level 1
Level 1

‎03-18-2009 07:03 AM

We have a number of lan to lan vpns and all works well as well as remote access vpn.

however there are a number of people who cannot access remote access vpn and when i add : isakmp nat-traversal 10 it works.

Any idea?

Also, when configuring site to site vpn using the wizzard (asdm) it removes the nat-travesal.

Any idea?

Labels:
0 Helpful
3 Replies 3

andrew.prince
Level 10
Level 10

‎03-18-2009 07:31 AM

NAT-T allows the negotiation of the VPN to be further encapsulated in UDP using port 4500.

This should be used when the remote end devices are performing NAT and do not understand or perform IPSEC pass-thru.

NAT-T is a global IKE setting.

HTH>

ronshuster
Level 1
Level 1
In response to andrew.prince

‎03-18-2009 10:09 AM

I understand thank you.

I guess it cannot hurt to have it turned on all the time.

Thank you again Andrew!

0 Helpful

andrew.prince
Level 10
Level 10
In response to ronshuster

‎03-18-2009 10:11 AM

np - glad to help.

0 Helpful
Customers Also Viewed These Support Documents