Cisco Support Community
Community Member

Forcing Cisco VPN client to use NAT-T

Is there a way to force the VPN client to use NAT-T when the device isn't NATed but ESP is otherwise blocked?

My VPN client connects but tries to use ESP, even though IPSec over UDP is selected, after detecting that no NAT is taking place.

5 REPLIES

Re: Forcing Cisco VPN client to use NAT-T

James,

Nope - it's negotiated in IKE, it's an option to detect devices that do not support VPN Pass-Thru.

HTH.
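What "negotiated in IKE" means under RFC 3947, as an added example that is not part of the thread and is not Cisco or vpnc code: each peer sends NAT-D hashes of the addresses it believes are in use, and the receiver compares them with the addresses it actually sees. The cookies, addresses, return labels and the choice of SHA-1 as the negotiated hash are constructed assumptions.

```python
import hashlib
import ipaddress


def nat_d_hash(cky_i, cky_r, ip, port, hash_name="sha1"):
    """RFC 3947 NAT-D payload body: HASH(CKY-I | CKY-R | IP | Port)."""
    if len(cky_i) != 8 or len(cky_r) != 8:
        raise ValueError("IKEv1 cookies are 8 bytes each")
    packed_ip = ipaddress.ip_address(ip).packed  # 4 bytes IPv4, 16 bytes IPv6
    data = cky_i + cky_r + packed_ip + port.to_bytes(2, "big")
    return hashlib.new(hash_name, data).digest()


def encapsulation(cky_i, cky_r, sender_view, receiver_view):
    """Pick the encapsulation a receiver selects after comparing NAT-D hashes.

    Each view is {"src": (ip, port), "dst": (ip, port)}: what the sender
    hashed into its NAT-D payloads versus what the receiver observes in the
    IP/UDP headers. Any mismatch means an address was rewritten in transit.
    """
    nat_seen = any(
        nat_d_hash(cky_i, cky_r, *sender_view[end])
        != nat_d_hash(cky_i, cky_r, *receiver_view[end])
        for end in ("src", "dst")
    )
    # Labels are illustrative: UDP-encapsulated ESP on port 4500 vs. native ESP.
    return "udp-encap-4500" if nat_seen else "esp-proto-50"


# Constructed sample values (documentation address ranges, made-up cookies).
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("1112131415161718")
GATEWAY = ("198.51.100.1", 500)
DIRECT = {"src": ("192.0.2.10", 500), "dst": GATEWAY}      # no NAT on path
BEHIND_NAT = {"src": ("10.0.0.5", 500), "dst": GATEWAY}    # what the client hashed
AFTER_NAT = {"src": ("203.0.113.5", 1024), "dst": GATEWAY}  # what the gateway sees

if __name__ == "__main__":
    # No NAT: hashes match, so the peers settle on native ESP, which is the
    # behaviour described in the question when ESP itself is filtered.
    print("direct path :", encapsulation(CKY_I, CKY_R, DIRECT, DIRECT))
    # NAT rewrote the source address and port: hashes differ, UDP encapsulation.
    print("through NAT :", encapsulation(CKY_I, CKY_R, BEHIND_NAT, AFTER_NAT))
```
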

Community Member

Re: Forcing Cisco VPN client to use NAT-T

Thanks. Is there an option I can set on my ASA to achieve this from the other end? :-)

Re: Forcing Cisco VPN client to use NAT-T

Again - nope, all you can do is disable NAT-T from either using UDP or TCP or both. But then that would break it for devices that do not support VPN PassThru.

HTH.

Community Member

Re: Forcing Cisco VPN client to use NAT-T

Thanks. Using Linux's 'vpnc' as the VPN client provides a "force-natt" option which does the trick, so I'm a little disappointed I can't do it with the Cisco client.

I also found references to a feature request #CSCdz58488 so I thought it may have been implemented in the current VPN client.

Re: Forcing Cisco VPN client to use NAT-T

When you have a bunch of very bright people in the open source community writing apps, they will just do it as it seems like a good idea.

Cisco & feature requests.....are business driven!
