NAT-Traversal

scott-goodwin
Level 1

Hi Guys,

When using EZVPN IOS client, is there a way to force it to use NAT-T??

I know it automatically uses NAT-T if it detects NAT in the network, however can you force it to use NAT-T even without a NAT??

Cheers

Scott

3 Replies

rizwanr74
Level 7

Hi Scott,

Yes, you can.

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftipsnat.html#wp1049093

crypto ipsec nat-transparency udp-encapsulation

Hope that helps.

thanks

Rizwan Rafeek

Hi Rizwan,

I tried that command; however, it is on automatically in 12.4T code, so it is still using the auto-detect feature rather than forcing NAT-T.

Cheers

Hi all,


Cisco devices use NAT-T detection by default, and you cannot disable this behaviour, as it saves overhead by not encapsulating packets in UDP while there are no NAT devices in between, so the proper way is to use NAT-T. But the software clients do not support NAT-T and work directly using UDP encapsulation.

By default, the Easy VPN hardware client and server encapsulate IPSec in User Datagram Protocol (UDP) packets. Some environments, such as those with certain firewall rules, or NAT and PAT devices, prohibit UDP. To use standard Encapsulating Security Protocol (ESP, Protocol 50) or Internet Key Exchange (IKE, UDP 500) in such environments, you must configure the client and the server to encapsulate IPSec within TCP packets to enable secure tunneling. If your environment allows UDP, however, configuring IPSec over TCP adds unnecessary overhead.
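To make the "auto-detect" behaviour discussed in the replies concrete, here is an added example (not from this thread and not Cisco code) that simulates the IKE NAT-D check from RFC 3947, which is how a peer decides whether NAT-T UDP encapsulation is needed. The cookies, addresses and ports are constructed sample values, and SHA-1 is assumed as the negotiated IKE hash.

```python
import hashlib
import socket
import struct
from typing import List

# Constructed sample IKE cookies (not taken from the thread).
CKY_I = bytes.fromhex("0011223344556677")
CKY_R = bytes.fromhex("8899aabbccddeeff")


def nat_d_hash(cky_i: bytes, cky_r: bytes, ip: str, port: int) -> bytes:
    """Body of an RFC 3947 NAT-D payload: HASH(CKY-I | CKY-R | IP | Port).
    SHA-1 is assumed as the negotiated IKE hash; IPv4 addresses only."""
    data = cky_i + cky_r + socket.inet_aton(ip) + struct.pack("!H", port)
    return hashlib.sha1(data).digest()


def nat_detected(cky_i: bytes, cky_r: bytes, peer_nat_d: List[bytes],
                 observed_src_ip: str, observed_src_port: int) -> bool:
    """Responder-side check: the peer sends NAT-D hashes over the address(es)
    it believes it is using. If none matches the source address/port the IKE
    packet actually arrived from, a NAT rewrote the packet in transit."""
    expected = nat_d_hash(cky_i, cky_r, observed_src_ip, observed_src_port)
    return expected not in peer_nat_d


def choose_encapsulation(nat: bool) -> str:
    """The decision the thread is about: UDP encapsulation is used only when
    the NAT-D comparison failed; with no NAT in the path, ESP stays native."""
    return "ESP in UDP 4500 (NAT-T)" if nat else "native ESP, IP protocol 50"


def demo(client_ip: str, client_port: int, seen_ip: str, seen_port: int) -> str:
    """Client builds its NAT-D over the address it knows about; the server
    compares it against what it observed on the wire."""
    payloads = [nat_d_hash(CKY_I, CKY_R, client_ip, client_port)]
    return choose_encapsulation(
        nat_detected(CKY_I, CKY_R, payloads, seen_ip, seen_port))


if __name__ == "__main__":
    # Client behind a NAT: private 192.168.1.10:500 seen as 203.0.113.5:41000.
    print(demo("192.168.1.10", 500, "203.0.113.5", 41000))
    # Same client with a public address and no NAT: the check finds no NAT,
    # so native ESP is used regardless of how the client is configured.
    print(demo("198.51.100.7", 500, "198.51.100.7", 500))
```

The second call shows why enabling `crypto ipsec nat-transparency udp-encapsulation` alone does not force NAT-T: the encapsulation choice follows the hash comparison, not the configuration.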