Forcing Cisco VPN client to use NAT-T

james.davis
Level 1

Is there a way to force the VPN client to use NAT-T when the device isn't NATed but ESP is otherwise blocked?

My VPN client connects but tries to use ESP, even though IPSec over UDP is selected, after detecting that no NAT is taking place.

5 Replies

andrew.prince
Level 10

James,

Nope - it's negotiated in IKE, it's an option to detect devices that do not support VPN Pass-Thru.

HTH.

Thanks. Is there an option I can set on my ASA to achieve this from the other end? :-)

Again - nope, all you can do is disable NAT-T from either using UDP or TCP or both. But then that would break it for devices that do not support VPN PassThru.

HTH.

Thanks. Using Linux's 'vpnc' as the VPN client provides a "force-natt" option which does the trick so a little disappointed I can't do it with the Cisco client.

I also found references to a feature request #CSCdz58488 so I thought it may have been implemented in the current VPN client.

When you have a bunch of very bright people in the open source community writing apps, they will just do it as it seems like a good idea.

Cisco & feature requests.....are business driven!
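
For reference, the standard NAT detection step that the replies describe as "negotiated in IKE" is defined in RFC 3947: each peer sends NAT-D hashes of the addresses and ports it believes are in use, and UDP encapsulation is selected only when a hash fails to match what arrives on the wire. The sketch below is an added example, not part of the original thread and not Cisco's or vpnc's code; the cookies, addresses and function names are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

# Constructed sample values (documentation address ranges, made-up cookies).
CKY_I = bytes.fromhex("0102030405060708")   # initiator cookie
CKY_R = bytes.fromhex("1112131415161718")   # responder cookie
GATEWAY = ("198.51.100.1", 500)

def natd_hash(ip, port, algo="sha1"):
    """RFC 3947 NAT-D value: HASH(CKY-I | CKY-R | IP | Port)."""
    data = CKY_I + CKY_R + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.new(algo, data).digest()

def client_natd_payloads(local, remote):
    """What the client sends: first the remote end, then its own end."""
    return natd_hash(*remote), natd_hash(*local)

def gateway_detects_nat(natd_dst, natd_src, observed_src, observed_dst):
    """Gateway recomputes both hashes from the packet's real IP/UDP header."""
    peer_behind_nat = natd_src != natd_hash(*observed_src)
    self_behind_nat = natd_dst != natd_hash(*observed_dst)
    return peer_behind_nat or self_behind_nat

def negotiate(client_local, observed_src):
    """Return the ESP transport both ends settle on for one constructed path."""
    natd_dst, natd_src = client_natd_payloads(client_local, GATEWAY)
    if gateway_detects_nat(natd_dst, natd_src, observed_src, GATEWAY):
        return "ESP in UDP/4500"
    return "native ESP (IP protocol 50)"

if __name__ == "__main__":
    # Case from the question: no address translation on the path.
    print(negotiate(("192.0.2.10", 500), ("192.0.2.10", 500)))
    # Same client behind a translating device: source IP and port are rewritten.
    print(negotiate(("10.0.0.5", 500), ("203.0.113.7", 1024)))
```

In the first case the hashes match, so the peers settle on native ESP, and a filter that drops IP protocol 50 breaks the data path even though IKE itself completed.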
