Traffic does not pass through the IPsec VPN tunnels on the Cisco ASA across a NAT/PAT device
Since the Adaptive Security Appliance (ASA) 5500 sits behind a Network Address Translation (NAT)/Port Address Translation (PAT) device, the VPN peers (clients as well as LAN-to-LAN peers) either cannot connect or cannot pass traffic.
Encapsulating Security Payload (ESP) is not compatible with NAT. When a VPN peer sends an ESP packet that gets NATed on the way, the remote peer discards that packet, assuming it is coming from an unauthorized source.
To resolve this problem, configure IPsec NAT Transparency on the ASA, the VPN clients and any other VPN peers. On the ASA, issue the isakmp nat-traversal command.
In addition, make sure that UDP ports 500 and 4500 are allowed through the NAT/PAT device.
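To confirm from a packet capture whether NAT traversal is actually in effect, the following added example (not Cisco code) classifies raw IPv4 packets as IKE on UDP 500, IKE or ESP inside UDP 4500 (using the RFC 3948 non-ESP marker and keepalive byte), or raw ESP (IP protocol 50). The function names and the sample packets are constructed for illustration.

```python
import socket
import struct

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet captured on the path through the NAT/PAT device."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    if proto == 50:
        return "raw-esp"            # IP protocol 50 has no ports for PAT to track
    if proto != 17 or ihl < 20 or len(packet) < ihl + 8:
        return "other"
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    payload = packet[ihl + 8:]
    if 500 in (sport, dport):
        return "ike-udp500"
    if 4500 in (sport, dport):
        if payload == b"\xff":
            return "nat-keepalive"  # RFC 3948 one-byte keepalive
        if payload[:4] == b"\x00" * 4:
            return "ike-udp4500"    # RFC 3948 non-ESP marker precedes IKE
        return "esp-in-udp"         # otherwise an ESP header (SPI is non-zero)
    return "other"

def diagnose(packets) -> str:
    """Summarise a capture: is the data plane using NAT-T encapsulation?"""
    seen = {classify(p) for p in packets}
    if "raw-esp" in seen:
        return "raw ESP seen: NAT-T not in effect"
    if "esp-in-udp" in seen:
        return "ESP inside UDP 4500: NAT-T in effect"
    if seen & {"ike-udp500", "ike-udp4500"}:
        return "IKE only: no tunnel data seen"
    return "no IPsec traffic seen"

# --- constructed sample packets (documentation addresses, dummy payloads) ---
def ipv4(proto: int, payload: bytes) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.1")) + payload
def udp(sport: int, dport: int, data: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

ESP = struct.pack("!II", 0x1234ABCD, 1) + b"\x00" * 16   # SPI, sequence, dummy body
RAW_ESP = ipv4(50, ESP)
IKE_500 = ipv4(17, udp(500, 500, b"\x11" * 28))
IKE_4500 = ipv4(17, udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28))
ESP_UDP = ipv4(17, udp(4500, 4500, ESP))
KEEPALIVE = ipv4(17, udp(4500, 4500, b"\xff"))
```

A capture that shows IKE on UDP 500 followed by raw ESP means NAT traversal was not negotiated or is not enabled on one of the peers; a capture with only IKE and no tunnel data suggests UDP 4500 is being dropped along the path.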