03-22-2010 08:43 AM - edited 02-21-2020 04:33 PM
Is it possible to have a LAN2LAN VPN between 2 routers, but using UDP encapsulation (NAT Transparency) instead?
I was looking for a quick example but most refer to VPN Client Solution.
03-22-2010 09:54 AM
This is the default behavior for IOS-based IPSec endpoints. During the phase 1 negotiation, both devices will identify whether NAT is present in the path between peers and will utilize UDP 4500 encapsulation automatically.
03-22-2010 10:49 PM
I was looking more for the commands that enable or disable this feature. I was also wondering whether you can "force" UDP encapsulation even if there is no NAT in the way (for whatever security reason).
I also found the examples below.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094ecd.shtml
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftipsnat.html
Thanks.
03-23-2010 07:00 AM
You can disable NAT-T support in IOS using the "no crypto ipsec nat-transparency udp-encapsulation" command. NAT-T is negotiated between Cisco endpoints and cannot be fixed. Without NAT-T support, IOS will continue to encap using UDP 500.
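The phase 1 NAT detection mentioned in the replies above, sketched as an added example (not from the thread and not Cisco code). It assumes IKEv1 NAT-D payloads as defined in RFC 3947, a SHA-1 negotiated hash, and constructed cookies and documentation-range addresses.

```python
import hashlib
import ipaddress

def nat_d(cky_i, cky_r, ip, port, hash_name="sha1"):
    """RFC 3947 NAT-D payload body: HASH(CKY-I | CKY-R | IP | Port)."""
    data = cky_i + cky_r + ipaddress.ip_address(ip).packed + port.to_bytes(2, "big")
    return hashlib.new(hash_name, data).digest()

def sender_payloads(cky_i, cky_r, src, dst):
    """Payloads a peer sends: remote (destination) hash first, then local (source)."""
    return [nat_d(cky_i, cky_r, *dst), nat_d(cky_i, cky_r, *src)]

def detect_nat(cky_i, cky_r, payloads, seen_src, seen_dst):
    """Receiver side: compare received hashes with the addresses seen on the wire."""
    dst_hash, src_hashes = payloads[0], payloads[1:]
    return {
        # Sender's view of our address differs from ours: NAT in front of us.
        "local_behind_nat": dst_hash != nat_d(cky_i, cky_r, *seen_dst),
        # Packet source matches none of the sender's own addresses: NAT in front of it.
        "remote_behind_nat": nat_d(cky_i, cky_r, *seen_src) not in src_hashes,
    }

def transport(result):
    """Encapsulation both peers move to once detection has completed."""
    if any(result.values()):
        return "IKE and ESP in UDP 4500"
    return "IKE on UDP 500, ESP as IP protocol 50"

# Constructed sample values (cookies and RFC 5737 documentation addresses).
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("1112131415161718")
ROUTER_B = ("198.51.100.7", 500)

def scenario(real_src, seen_src):
    """Router A sends from real_src; router B sees the packet arrive from seen_src."""
    sent = sender_payloads(CKY_I, CKY_R, real_src, ROUTER_B)
    return detect_nat(CKY_I, CKY_R, sent, seen_src, ROUTER_B)

if __name__ == "__main__":
    direct = scenario(("192.0.2.1", 500), ("192.0.2.1", 500))
    natted = scenario(("10.0.0.2", 500), ("203.0.113.9", 1027))
    print("direct path:", direct, "->", transport(direct))
    print("NAT in path:", natted, "->", transport(natted))
```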