Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

isakmp nat-t

For satement: isakmp nat-t

What is it used for, or under what circumstances, should it be used?

Thanks to help.

Scott

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: isakmp nat-t

the command "isakmp nat-traversal" needs to be applied on the vpn server when the vpn client is behind a nat/pat device.

the reason being nat/pat on the client side will translate the original source ip to the nat/pat device own (public) ip. when the vpn server receives, decrypts, and examines the packet, it will come up with an error as the original source ip doesn't match the

e.g.

remote vpn client is establishing a remote vpn to a router, and the remote vpn client is behind a nat/pat device, such as a router or pix.

2 REPLIES
New Member

Re: isakmp nat-t

hi scott

Isakmp NAT traversal on the PIX will allow multiple clients behind a PAT device.

Regds

Binoy

Gold

Re: isakmp nat-t

the command "isakmp nat-traversal" needs to be applied on the vpn server when the vpn client is behind a nat/pat device.

the reason being nat/pat on the client side will translate the original source ip to the nat/pat device own (public) ip. when the vpn server receives, decrypts, and examines the packet, it will come up with an error as the original source ip doesn't match the

e.g.

remote vpn client is establishing a remote vpn to a router, and the remote vpn client is behind a nat/pat device, such as a router or pix.

838
Views
0
Helpful
2
Replies