NAT-T Please explain

James Hoggard
Level 1

Hi,

I have seen the following option on the Cisco ASA and Fortigate: NAT-T. I always leave this option unselected.

When would you use this option? I thought that with site-to-site IPsec you don't NAT, and you create a policy or ACL to define the interesting traffic. You don't want it to NAT to a public IP, correct?

I'm guessing, let's say you have a LAN subnet of 192.168.1.0/24, it will NAT this to another private IP as it goes over the tunnel?

Why would you ever want to do this? Is it if both the LANs are on the same subnet? Also, does this option have to be enabled at each side for the tunnel to come up?

1 Reply

nkarthikeyan
Level 7

Hi James,

This is required when multiple clients use the same NAT address (source address) to reach/connect to the VPN server. Moreover, the post mentioned below on the Learning Network portal explains it better.

https://learningnetwork.cisco.com/thread/36740

Hope this clears your doubt.

Regards

Karthik
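
The situation the reply describes, several clients sharing one NAT source address, as an added example (not part of either post and not vendor code). It models a toy port-address-translation table: native ESP (IP protocol 50) has no port field for the NAT device to key on, while NAT-T wraps ESP in UDP port 4500 so each client gets its own translated port. Assumptions: the `Pat` class and `demo` function are hypothetical, the addresses are constructed documentation values, and the NAT device keys only on addresses and ports (no SPI tracking).

```python
from dataclasses import dataclass, field

ESP, UDP = 50, 17        # IP protocol numbers
NAT_T_PORT = 4500        # UDP port for ESP-in-UDP encapsulation (RFC 3948)

@dataclass
class Pat:
    """Toy PAT device (hypothetical model): tracks which inside host owns a reply."""
    next_port: int = 20000
    out: dict = field(default_factory=dict)    # inside flow -> translated port
    back: dict = field(default_factory=dict)   # reply key   -> inside hosts

    def outbound(self, proto, src_ip, src_port, dst_ip):
        """Translate an inside packet and return the key its reply will carry."""
        if proto == UDP:
            flow = (src_ip, src_port, dst_ip)
            if flow not in self.out:
                self.out[flow] = self.next_port   # unique port per inside flow
                self.next_port += 1
            key = (UDP, dst_ip, self.out[flow])
        else:
            # ESP has no ports, so the peer address is the only thing to key on.
            key = (ESP, dst_ip, None)
        hosts = self.back.setdefault(key, [])
        if src_ip not in hosts:
            hosts.append(src_ip)
        return key

    def inbound(self, key):
        """Return the one inside host for a reply, or None if unknown or ambiguous."""
        hosts = self.back.get(key, [])
        return hosts[0] if len(hosts) == 1 else None

def demo(proto):
    """Two clients behind the same NAT address talk to one VPN gateway."""
    nat = Pat()
    clients = ["192.168.1.10", "192.168.1.11"]   # constructed inside hosts
    gateway = "198.51.100.1"                     # constructed VPN server address
    sport = NAT_T_PORT if proto == UDP else None
    keys = [nat.outbound(proto, c, sport, gateway) for c in clients]
    return [nat.inbound(k) for k in keys]

if __name__ == "__main__":
    print("native ESP :", demo(ESP))   # replies cannot be matched to a client
    print("NAT-T (UDP):", demo(UDP))   # each reply maps back to its client
```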
