Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

crypto isakmp nat-traversal

                   Hi,

I need to enable following command in ASA

crypto isakmp nat-traversal

sysopt connection permit-vpn

As per our standard,

Pls suggest what things we need to check before & after implementation

Why the commands are used for

Br/Subhojit

2 REPLIES

crypto isakmp nat-traversal

kindly some one provide the document with clear explanation about nat traversal

Cisco Employee

crypto isakmp nat-traversal

Hello,

NAT including PAT is used in many networks where IPsec is also used, but there are a number of incompatibilities that prevent IPsec packets from successfully traversing NAT devices. NAT traversal enables ESP packets to pass through one or more NAT devices.

The "sysopt connection permit-vpn" command allows incomming VPN traffic to bypass any ACL on the outside interface. This is done so that you dont have to add any ACL to allow VPN traffic.

If you would like to know more, go to the Cisco ASA Command Reference.

378
Views
0
Helpful
2
Replies