Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

IPSEC and NAT-T traversal

I have a central 3000 Concentrator connected to 2 private LANs. It sits behind an Internet facing PIX which is using NAT to NAT the Concentrators outside IP address to a Public address.

The Concentrator is to use an IPSEC VPN to a remote PIX.

Do I have to check the NAT-T option in the Concentrator LAN-to-LAN config ?

Do I have to configure NAT-T on the remote PIX ?, if so how is this done ?

regards

2 REPLIES
New Member

Re: IPSEC and NAT-T traversal

Yes turn it on for the CVPN3K, It wont hurt anyway.

For the pix the command is "isakmp nat-traversal"

Be sure to allow UDP 4500 into the outside interface of the pix.

Cisco Employee

Re: IPSEC and NAT-T traversal

Hello,

You don't need to enable Nat-T for 1-to-1 Nat situations. It's used when Patting is configured. However, enabling Nat-T doesn't hurt.

Here is a link on Nat-T

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110bca.html

Hope that helps! If so, please rate.

Thanks

311
Views
0
Helpful
2
Replies
CreatePlease to create content