Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

vpn pass-through

We have a ASA 5540 with NAT.

A user behind ASA needs to vpn out to another cisco device on customer site.

How can we configure vpn pass through?

Thanks,

1 REPLY

Re: vpn pass-through

Your best shot is to enable Nat-T on the remote end, this will allow ESP traffic to be encapsulated over UDP 4500. If enabling nat-t on the remote end is not an option check the ipsec-pass-trough inspection engine under the global-policy map:

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/i2_72.html#wp1668213

322
Views
0
Helpful
1
Replies
CreatePlease to create content