IPSec over UDP is configured on a per-group basis, while IPSec over TCP/NAT-T is configured globally.
Configure IPSec over UDP:
1. On the VPN Concentrator, select Configuration > User Management > Groups.
2. To add a group, select Add. To modify an existing group, select it and click Modify.
3. Click the IPSec tab, check IPSec through NAT and configure the IPSec through NAT UDP Port. The default port for IPSec through NAT is 10000 (source and destination), but this setting may be changed.
Configure IPSec over NAT-T and/or IPSec over TCP:
1. On the VPN Concentrator, select Configuration > System > Tunneling Protocols > IPSec > NAT Transparency.
2. Check the IPSec over NAT-T and/or TCP check box.
If all three methods are enabled, they take precedence in this order:
1. IPSec over TCP.
2. IPSec over NAT-T.
3. IPSec over UDP.
To enroll the certificate, follow these steps:
1. Manually grant or reject each re-enrollment request on the Cisco IOS CA server (unless "grant auto" is used on the Cisco IOS CA server).
   The Cisco IOS CA server still needs to either grant or reject each of these requests (with the assumption that the Cisco IOS CA does not have "grant auto" enabled). However, no administrative action on the enrolling router is required to start the re-enrollment process.
2. Save the new re-enrolled certificate in the re-enrolling VPN router, if appropriate.
   - If there are no unsaved configuration changes pending in the router, the new certificate is automatically saved to the Non-Volatile RAM (NVRAM). The new certificate is written to the NVRAM and the previous certificate is removed.
   - If there are unsaved configuration changes pending, you must issue the copy run start command on the enrolling router in order to save the configuration changes and the new re-enrolled certificate into the NVRAM. Once the copy run start command completes, the new certificate is written to the NVRAM and the previous certificate is removed.