Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

IPsec over NAT-T

Dear All,

Site to Site VPN tunnel and Anyconnect , IPsec VPN are configured on the ASA-5520 device. Currently IPsec over TCP/UDP on port 10000 is enabled.

I would like to enable IPsec over NAT-T in addition. If I do that what will happen to the existing site to site VPN tunnel, Anyconnect and IPsec VPN.

Will this setting (IPsec over NAT-T) disturb the IPsec VPN using Transparent Tunneling over TCP and UDP??

Whether Site to Site VPN Tunnel will distrub which doesn't have the NAT-T enabled in Crypto Maps

Lookinf forward for your comments

Refer the attachment on page no 7/30 IPsec NAT-T.


Balajirajah P B

Cisco Employee

Re: IPsec over NAT-T


> Will this setting (IPsec over NAT-T) disturb the IPsec VPN using  Transparent Tunneling over TCP and UDP??

As the document says, for Remote Access VPN connections with both NAT-T and IPSec over UDP enabled, if the client is behind a NAT device, then NAT-T is used and if it is not, then IPSed over UDP is used. So, if your client connecting to the ASA is behind a NATing device, only then connections are different.

Regarding Site to Site tunnels, IPSec over TCP/UDP never comes into the picture. So NAT-T (IPSec over UDP 4500) will come into effect if there is a NATing device in the path betweent the 2 VPN peers. Hope this helps.

Let me know if you feel there is something unanswered.

All the best!



CreatePlease to create content