cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
494
Views
0
Helpful
1
Replies

NAT traversal vs. ipsec-over-tcp.

gjackson
Level 1
Level 1

Does anyone know if the "crypto isakmp nat-traversal" command is mutually exclusive with the "crypto isamkp ipsec-over-tcp" command?

We use ipsec-over-tcp in our VPN configuration, but one of our users is having difficulty with large file copy via scp. It has been suggested that we use nat traversal to overcome this, and I know that you have to configure the client and the ASA firewall the same way relative to one option over the other. But researching both commands, I can't find anything that says they cannot be used simultaneously, side by side. Some VPN users operating via NAT traversal, and some via ispec-over-tcp. Anyone know if they can be configured simultaneously in the PIX? Any issues? Any additional config relations that need to be defined if you do operated them simultaneously?

Thanks for any help....!

GJ

1 Reply 1

andrew.prince
Level 10
Level 10

It's not.

crypto isakmp nat-traversal - enables the RFC UDP4500 port to be used for NAT-T.

crypto isamkp ipsec-over-tcp - can be used together or singular.

HTH>

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: