I am trying to connect to a VPN concentrator that is behind a 2600 router using NAT-T. I have 2 ports open for the NAT-T setup: port UDP 500 and port UDP 4500. My access lists are set up to allow traffic NAT from a public IP to a 10.100.1.2 IP of the public interface for the VPN concentrator. When I attempt to connect and then do a sh access-list, I have matches on UDP port 500, but port 4500 is not showing any match attempts from the outside. It is like my software or computer is not even trying to connect using that port. Any ideas?
Make sure you've not only configured NAT-T on the concentrator but also that NAT-T is allowed through the public filter (on the public facing interface) on the concentrator.
To configure NAT-T, go to the Configuration | Tunneling and Security | IPSec | NAT Transparency menu and click the box that says "IPSec over NAT-T".
To add rules for NAT-T inbound and outbound to the concentrator, go to Configuration | Policy Management | Traffic Management | Filters. Highlight the Public filter (or whichever is your public-facing interface filter), then click on "Assign Rules to Filter". Select NAT-T in and NAT-T out.
The VPN client should be configured to "Enable Transparent Tunneling" with IPSEC over UDP.