Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
319
Views
4
Helpful
1
Replies

NAT Traversal

glenn.guzman
Level 1
Level 1

‎11-13-2007 09:22 PM - edited ‎03-09-2019 07:22 PM

Hello!!

I just want to make sure of this...

Is NAT-T enable for this IPSec session ?

Below is the Output of the "show crypto isakmp sa detail nat" command...

Can you tell me ? thx :)

UACA-VPN#show crypto isakmp sa detail nat

Codes: C - IKE configuration mode, D - Dead Peer Detection

K - Keepalives, N - NAT-traversal

X - IKE Extended Authentication

psk - Preshared key, rsig - RSA signature

renc - RSA encryption

IPv4 Crypto ISAKMP SA

C-id Local Remote I-VRF Status Encr Hash Auth DH Lifetime Cap.

2024 201.196.33.30 200.122.146.38 ACTIVE 3des sha psk 2 17:46:11 N

Engine-id:Conn-id = AIM-VPN/SSL-1:24

NAT keepalive(sec) 0

In local 201.x.x.30:4500 remote 192.168.20.15:4500

IPv6 Crypto ISAKMP SA

UACA-VPN#

Labels:
0 Helpful
1 Reply 1

thult
Level 1
Level 1

‎11-14-2007 12:54 AM

UDP Port 4500 indicates NAT-T. Without NAT-T it should use UDP port 500.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents