We have a customer whose Cisco1841 is configured with remote-access VPN. Unfortunately, they're having an issue with some of their UK based staff while trying to connect when roaming via a 3G data card. The telecom provider is Vodafone. The customer did some research and found this link:
This may or may not be of any use and you may have already set this up on the 1841 but Vodafone with 3G require that the end device support NAT-Traversal because they PAT all the traffic in their 3G cloud. From memory i believe it is UDP port 4500 you need to enable on the 1841.
Disregard my previous email re how to enable port UDP 4500 as when I checked, I've enabled IP so this shouldn't be a problem. Anyway, another question is, when I tried to connect to the customer's VPN using our internet here in the office, the transparent tunneling in the VPN status says Active on UDP 4500. But when I tried connecting to the VPN via Vodafone vodem, the transparent tunneling still shows inactive. Would you know the explanation for this?
It seems that the Cisco1841 is security bundle router which is preloaded with security IOS (firewall functionality). Based on the posting on the link above, the router need to be enabled NAT TRAVERSAL for stable VPN client connection over the 3G network.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...