Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

How to configure NAT Transparency

Resolution

The IPsec Network Address Translation (NAT) Transparency feature introduces support for IPsec traffic. This support allows IPsec traffic to travel through NAT or Port Address Translation (PAT) points in the network. This is done when you address many known incompatibilities between NAT, PAT, and IPsec.

IPsec NAT Transparency delivers these benefits:

  • Simplified deployment eliminates the need to know that NAT and PAT devices exist between the two IPsec end points.

  • IPsec NAT Transparency enables a complete IPsec VPN solution. NAT and PAT devices are now effectively transparent. All IPsec VPN features are available to the customer during the design and deployment of an IPsec VPN solution.

Refer to the IPSec NAT-T section of Tunneling Protocols for more information on how to use NAT Traversal (NAT-T) on the Cisco VPN 3000 Concentrator.

It depends on the client with which it exchanges data, and the VPN Concentrator can simultaneously support standard IPsec, IPsec over Transmission Control Protocol (TCP), NAT-T, and IPsec over User Datagram Protocol (UDP). When enabled, IPsec over TCP takes precedence over all the other methods.

Refer to these documents for more information:

In order to configure NAT-T on PIX/ASA version 7.x  use the isakmp nat-traversal command in global configuration mode. In version 7.2 and later, the crypto isakmp nat-traversal command replaces the isakmp nat-traversal command. 

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 04:44 PM
Updated by:
 
Labels (1)