03-22-2010 08:43 AM - edited 02-21-2020 04:33 PM
Is it possible to have a LAN2LAN VPN between 2 Routers but using UDP Encapsulation (NAT Transparency) instead?
I was looking for a quick example, but most refer to the VPN Client solution.
03-22-2010 09:54 AM
This is the default behavior for IOS based IPSec endpoints. During the phase 1 negotiation, both devices will identify whether NAT is present in the path between peers and will utilize UDP 4500 encapsulation automatically.
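The phase 1 NAT detection mentioned in this reply can be modelled as follows. This is an added example, not part of the thread and not Cisco code. It follows the NAT-D payload definition in RFC 3947, HASH(CKY-I | CKY-R | IP | Port); the cookies, addresses and function names are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

# Constructed sample values: 8-byte IKE cookies and documentation addresses.
CKY_I = bytes.fromhex("1122334455667788")
CKY_R = bytes.fromhex("99aabbccddeeff00")
ROUTER_A = ("10.0.0.2", 500)       # initiator, private address
ROUTER_B = ("203.0.113.9", 500)    # responder, public address
NAT_OUTSIDE = ("198.51.100.7", 500)  # what A looks like after translation


def nat_d(cky_i, cky_r, ip, port, alg="sha1"):
    """One NAT-D payload body: HASH(CKY-I | CKY-R | IP | Port)."""
    data = cky_i + cky_r + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.new(alg, data).digest()


def build_nat_d(cky_i, cky_r, src, dst):
    """Sender: first payload covers the destination, the second the source."""
    return [nat_d(cky_i, cky_r, *dst), nat_d(cky_i, cky_r, *src)]


def detect_nat(cky_i, cky_r, payloads, seen_src, local):
    """Receiver: compare received hashes with the addresses seen on the wire."""
    # First payload must match our own address, else we were translated.
    local_nat = payloads[0] != nat_d(cky_i, cky_r, *local)
    # Packet source must match one of the sender's hashes, else the peer was.
    peer_nat = nat_d(cky_i, cky_r, *seen_src) not in payloads[1:]
    return {
        "local_behind_nat": local_nat,
        "peer_behind_nat": peer_nat,
        "float_to_udp_4500": local_nat or peer_nat,
    }


if __name__ == "__main__":
    sent = build_nat_d(CKY_I, CKY_R, ROUTER_A, ROUTER_B)
    # Router B sees the packet arrive from the NAT's outside address.
    print("with NAT:   ", detect_nat(CKY_I, CKY_R, sent, NAT_OUTSIDE, ROUTER_B))
    # Same exchange with no translation in the path.
    print("without NAT:", detect_nat(CKY_I, CKY_R, sent, ROUTER_A, ROUTER_B))
```

When neither hash comparison fails, the peers have no reason to move off UDP 500, which is why the encapsulation only appears when a translation is actually detected.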
03-22-2010 10:49 PM
I was more looking at the commands that enable or disable this feature. Or I was wondering if you can "force" UDP encapsulation even if there is no NAT in the way (for whatever security reason).
I also found the examples below.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094ecd.shtml
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftipsnat.html
Thanks.
03-23-2010 07:00 AM
You can disable NAT-T support in IOS using the "no crypto ipsec nat-transparency udp-encapsulation" command. NAT-T is negotiated between Cisco endpoints and cannot be fixed. Without NAT-T support, IOS will continue to encap using UDP 500.