ASA and nat-t

Unanswered Question
Apr 23rd, 2010


I don't see "no crypto isakmp nat-traversal" in my config, but I also don't see "isakmp nat-traversal" in my config either. Most times, the default doesn't show up in the running config, so I have a question. I have 8.0(4) on a 5520 that we use for VPN, and it has about 250 sessions on it at all times. I have ONE problem with newer versions of a Verizon aircard that has a Gobi 2000 chipset. I know that Cisco doesn't support Windows 7 and the VPN client on a WWAN card, but the problem seems to act like nat-traversal isn't enabled. The user can connect, get an address from the ASA, but then they can't pass traffic at all. My next step was to manually configure nat-traversal, but I want to make sure that the existing sessions won't drop. Has anyone done this in a running environment before, and did you drop sessions?

On a side note, has anyone been able to get these Gobi 2000 cards to work? They're running the latest VPN client on Windows 7.



mvsheik123 Fri, 04/23/2010 - 10:38


Configuring 'nat-traversal' will not drop any connection/sessions, but the users who have issues (that get an address from the ASA, but then they can't pass traffic at all) may need to disconnect and reconnect. No exp with Gobi 200 cards.



