Cisco Support Community

IPSEC VPN Client with NATed Router


I have a Cisco ASA firewall that has a private IP address on the internet interface that is connected to the router. That router has the SDSL connection and has the WAN IP address with subnet /29.

I have added a static NAT with one of the public IP addresses available.

For constructing site-to-site VPNs or remote access VPNs, do I need some more NAT-related commands, like NAT traversal, IPsec over TCP, UDP encapsulation, etc. on the router / firewall? If yes, then what commands are needed and where should they be implemented?

Your help will be highly appreciated.


Re: IPSEC VPN Client with NATed Router

You only need those commands when a device does not understand or support VPN pass-thru - typically remote users' home ADSL modems.

If you have an ACL on the router, you just need to allow thru:-

IKE - UDP 500

IPSEC - Protocol 50

The rest will take care of itself.

If you enable NAT-T, this will use UDP 4500 for the IPSEC UDP encapsulation.



Re: IPSEC VPN Client with NATed Router

In addition to Andrew's comments, you may need a static NAT on the router to NAT a public IP to the external IP address of the ASA. It sounds like it's already in place though.
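The setup the two replies describe, as an added configuration sketch that is not part of the original thread. It assumes an IOS router; the addresses (documentation ranges), the ACL number 110 and the interface placeholders are constructed, and the ASA NAT-T syntax varies by software release.

```cisco
! --- Router (IOS): one-to-one static NAT to the ASA outside interface ---
! 192.168.1.2 = ASA outside (private) address, placeholder
! 203.0.113.2 = spare public address from the /29, placeholder
ip nat inside source static 192.168.1.2 203.0.113.2
!
interface <lan-interface-to-asa>
 ip nat inside
!
interface <wan-interface>
 ip nat outside
 ip access-group 110 in
!
! --- Router: entries to ADD to the existing inbound WAN ACL (110 is hypothetical) ---
! The inbound ACL is checked before NAT, so it matches the public address.
! An ACL holding only these lines would drop all other inbound traffic
! through its implicit deny, so merge them into the ACL already in use.
access-list 110 permit udp any host 203.0.113.2 eq isakmp
access-list 110 permit esp any host 203.0.113.2
! Needed only when NAT-T is in use (ESP encapsulated in UDP 4500)
access-list 110 permit udp any host 203.0.113.2 eq non500-isakmp
!
! --- ASA: enable NAT-T with a 20-second keepalive ---
! Form used on ASA 8.x/9.x; check the command reference for your release.
crypto isakmp nat-traversal 20
```

Where the peers are known, as with site-to-site tunnels, replacing `any` with the peer addresses narrows what can reach the ASA's IKE listener.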
