Cisco Support Community

IOS LAN2LAN IPSEC VPN with UDP Encapsulation

Is it possible to have a LAN2LAN VPN between 2 Routers but using UDP Encapsulation (NAT Transparency) instead?

I was looking for a quick example but most refer to VPN Client Solution.

  • VPN
3 REPLIES

Re: IOS LAN2LAN IPSEC VPN with UDP Encapsulation

This is the default behavior for IOS based IPSec endpoints.  During the phase 1 negotiation, both devices will identify whether NAT is present in the path between peers and will utilize UDP 4500 encapsulation automatically.


Re: IOS LAN2LAN IPSEC VPN with UDP Encapsulation

I was looking more for the commands that enable or disable this feature. Or I was wondering if you can "force" UDP encapsulation even if there is no NAT in the way (for whatever security reason).

I also found the examples below.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094ecd.shtml

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftipsnat.html

Thanks.

Re: IOS LAN2LAN IPSEC VPN with UDP Encapsulation

You can disable NAT-T support in IOS using the "no crypto ipsec nat-transparency udp-encapsulation" command.  NAT-T is negotiated between Cisco endpoints and cannot be fixed.  Without NAT-T support, IOS will continue to encap using UDP 500.
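
The phase 1 NAT detection mentioned in the replies can be sketched with the NAT-D hash comparison from RFC 3947. This is an added example, not code from the thread or from Cisco. The cookies, addresses and the SHA-1 hash choice are constructed sample values, and that IOS follows exactly this procedure is an assumption.

```python
import hashlib
import ipaddress
import struct


def nat_d_hash(cky_i, cky_r, ip, port, alg="sha1"):
    """RFC 3947 NAT-D payload body: HASH(CKY-I | CKY-R | IP | Port)."""
    packed_ip = ipaddress.ip_address(ip).packed  # 4 bytes (IPv4) or 16 (IPv6)
    data = cky_i + cky_r + packed_ip + struct.pack("!H", port)
    return hashlib.new(alg, data).digest()


def build_nat_d(cky_i, cky_r, local, remote):
    """Sender side: the first NAT-D covers the remote end, the second the local end."""
    return nat_d_hash(cky_i, cky_r, *remote), nat_d_hash(cky_i, cky_r, *local)


def check_nat_d(cky_i, cky_r, payloads, my_addr, observed_src):
    """Receiver side: compare the peer's NAT-D hashes with what is seen on the wire."""
    about_me, about_peer = payloads
    me_natted = about_me != nat_d_hash(cky_i, cky_r, *my_addr)
    peer_natted = about_peer != nat_d_hash(cky_i, cky_r, *observed_src)
    return {
        "local_behind_nat": me_natted,
        "peer_behind_nat": peer_natted,
        # Any mismatch means the peers move IKE to UDP 4500 and wrap ESP in UDP.
        "float_to_udp_4500": me_natted or peer_natted,
    }


# Constructed sample values (documentation address ranges, made-up cookies).
CKY_I = bytes.fromhex("1122334455667788")
CKY_R = bytes.fromhex("99aabbccddeeff00")
RESPONDER = ("198.51.100.1", 500)
INITIATOR_PRIVATE = ("10.0.0.2", 500)
INITIATOR_AFTER_NAT = ("203.0.113.10", 1024)  # source as rewritten by a NAT device


def demo():
    """Return the responder's verdict without and with a NAT device in the path."""
    sent = build_nat_d(CKY_I, CKY_R, local=INITIATOR_PRIVATE, remote=RESPONDER)
    direct = check_nat_d(CKY_I, CKY_R, sent, RESPONDER, INITIATOR_PRIVATE)
    natted = check_nat_d(CKY_I, CKY_R, sent, RESPONDER, INITIATOR_AFTER_NAT)
    return direct, natted


if __name__ == "__main__":
    for label, result in zip(("no NAT in path", "NAT in path"), demo()):
        print(label, result)
```

With no address rewriting both hashes match and the peers stay on plain IKE and ESP; once the source address or port is rewritten in transit, the second hash no longer matches and UDP 4500 encapsulation is selected.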
