Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

DMVPN tunneling behind NAT

Hi All,

My customer has 3 sites. Each site connects to the internet with a PIX. They have routers behind the PIXes and they want to do ipsec with dynamic routing between these sites.

I was thinking about setting up DMVPN for them, but can't get it work from behind the firewalls. Router private addresses are static NAT-ed and the ACLs on the firewalls do allow ipsec traffic for the routers. ISAKMP seems to be ok, but the crypto sa is not.

What would be the best way to do this?

Is this a supported scenario at all?

Thanks,

Attila

1 REPLY
New Member

Re: DMVPN tunneling behind NAT

What version of IOS are you using?

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455c72.html

This shouldn't be a problem with NHRP/DMVPN, but you might want to check your code versions/configuration to confirm that you will be able to traverse a NAT.

Rob

97
Views
0
Helpful
1
Replies
CreatePlease login to create content