03-18-2009 07:03 AM
We have a number of lan to lan vpns and all works well as well as remote access vpn.
however there are a number of people who cannot access remote access vpn and when i add : isakmp nat-traversal 10 it works.
Any idea?
Also, when configuring site to site vpn using the wizzard (asdm) it removes the nat-travesal.
Any idea?
03-18-2009 07:31 AM
NAT-T allows the negotiation of the VPN to be further encapsulated in UDP using port 4500.
This should be used when the remote end devices are performing NAT and do not understand or perform IPSEC pass-thru.
NAT-T is a global IKE setting.
HTH>
03-18-2009 10:09 AM
I understand thank you.
I guess it cannot hurt to have it turned on all the time.
Thank you again Andrew!
03-18-2009 10:11 AM
np - glad to help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide