Cisco Support Community
Community Member

Need some help, a problem with IPSec and NAT-T

We had a successful connection between a remote-access Cisco client and the ASA. The connection can no longer transfer data, but Phase I and Phase II do complete successfully. There are several hops between separate networks to get from the remote user to the ASA, including Verizon private lines and Verizon ISP.

Cisco troubleshooting guides strongly suggest this is a NAT-T issue, but when I turn on debug isakmp 254 and debug ipsec 254, I receive only one modest message about NAT-T, which is "Recieved NAT-Traversal version 02 VID". This message, and connections, are when I have NAT-T disabled on the ASA.

If I enable NAT-T on the ASA, the remote client cannot establish Phase I or II; I haven't been able to collect debugs on that scenario yet.

The client has a second laptop; both of them exhibit the same problem. We have ensured that Tunneling, UDP 4500 is enabled.

I suspect an intermediate device, or Verizon, has changed something.

What should be my next troubleshooting steps (sadly, I cannot post the configs)?

Regards,

j

1 ACCEPTED SOLUTION

Community Member

In my very limited experience, both sides have to have NAT-T enabled, otherwise the side that doesn't have NAT-T enabled won't be able to read part of the IP header, since it is encrypted.

Good luck!

Pedro

2 REPLIES
Community Member

Oddly, the problem cleared the second time I applied NAT-T; unknown why it didn't work the first time.
