Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
718
Views
0
Helpful
2
Replies

IPSEC and NAT-T traversal

andrewgreaves
Level 1
Level 1

‎03-27-2006 07:21 AM - edited ‎02-21-2020 02:20 PM

I have a central 3000 Concentrator connected to 2 private LANs. It sits behind an Internet facing PIX which is using NAT to NAT the Concentrators outside IP address to a Public address.

The Concentrator is to use an IPSEC VPN to a remote PIX.

Do I have to check the NAT-T option in the Concentrator LAN-to-LAN config ?

Do I have to configure NAT-T on the remote PIX ?, if so how is this done ?

regards

Labels:
0 Helpful
2 Replies 2

garyb
Level 1
Level 1

‎07-21-2006 11:38 AM

Yes turn it on for the CVPN3K, It wont hurt anyway.

For the pix the command is "isakmp nat-traversal"

Be sure to allow UDP 4500 into the outside interface of the pix.

0 Helpful

hemendoz
Cisco Employee
Cisco Employee
In response to garyb

‎07-21-2006 02:12 PM

Hello,

You don't need to enable Nat-T for 1-to-1 Nat situations. It's used when Patting is configured. However, enabling Nat-T doesn't hurt.

Here is a link on Nat-T

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110bca.html

Hope that helps! If so, please rate.

Thanks

0 Helpful
Customers Also Viewed These Support Documents