Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAT traversal vs. ipsec-over-tcp.

Does anyone know if the "crypto isakmp nat-traversal" command is mutually exclusive with the "crypto isamkp ipsec-over-tcp" command?

We use ipsec-over-tcp in our VPN configuration, but one of our users is having difficulty with large file copy via scp. It has been suggested that we use nat traversal to overcome this, and I know that you have to configure the client and the ASA firewall the same way relative to one option over the other. But researching both commands, I can't find anything that says they cannot be used simultaneously, side by side. Some VPN users operating via NAT traversal, and some via ispec-over-tcp. Anyone know if they can be configured simultaneously in the PIX? Any issues? Any additional config relations that need to be defined if you do operated them simultaneously?

Thanks for any help....!

GJ

1 REPLY

Re: NAT traversal vs. ipsec-over-tcp.

It's not.

crypto isakmp nat-traversal - enables the RFC UDP4500 port to be used for NAT-T.

crypto isamkp ipsec-over-tcp - can be used together or singular.

HTH>

305
Views
0
Helpful
1
Replies