I'm running into an error and I hope someone can help. On AT&T I have a site-to-site VPN connection that works fine between a PIX 501 and a PIX 515. When I change ISPs to Comcast, however, I begin to get an error "peer info for x.x.x.x not found." Does anyone know why changing ISPs would cause this error or what I can do to troubleshoot it? Any help that anyone can offer would be greatly appreciated as I am a bit stumped.
NAT-Traversal or NAT-T allows VPN traffic to pass through NAT or PAT devices, such as a Linksys SOHO router. If NAT-T is not enabled, VPN Client users often appear to connect to the PIX or ASA without a problem, but they are unable to access the internal network behind the security appliance.
If you do not enable the NAT-T in the NAT/PAT Device, you can receive the "regular translation creation failed for protocol 50 src inside:10.0.1.26 dst outside:10.9.69.4" error message in the PIX/ASA.
Similarly, if you are unable to do simultaneous login from the same IP address, the "Secure VPN connection terminated locally by client. Reason 412: The remote peer is no longer responding." error message appears. Enable NAT-T in the head end VPN device in order to resolve this error.
Note: With Cisco IOS Software Release 12.2(13)T and later, NAT-T is enabled by default in Cisco IOS.
Here is the command to enable NAT-T on a Cisco Security Appliance. The 20 in this example is the keepalive time (default).
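A log triage sketch for the protocol 50 message quoted above, added here as an example and not part of the original reply or of Cisco's documentation: it counts failed ESP (IP protocol 50) translations per source/destination pair, which points at the hosts whose IPsec traffic is hitting a NAT/PAT device without NAT-T. Only the message text comes from the post; the timestamp and hostname prefix, the function names and the sample lines are constructed.

```python
import re
from collections import Counter

# Matches the message text quoted in the post; any syslog prefix is ignored.
# The optional "/port" suffix covers the same message logged for TCP/UDP.
XLATE_FAIL = re.compile(
    r"regular translation creation failed for protocol (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src>[\d.]+)(?:/\d+)? "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst>[\d.]+)(?:/\d+)?"
)
ESP = "50"  # IP protocol number of ESP, which has no ports for PAT to rewrite

def esp_translation_failures(lines):
    """Count failed ESP translations per (src, dst) pair."""
    hits = Counter()
    for line in lines:
        m = XLATE_FAIL.search(line)
        if m and m["proto"] == ESP:  # skip UDP/TCP/ICMP failures
            src = f"{m['src_if']}:{m['src']}"
            dst = f"{m['dst_if']}:{m['dst']}"
            hits[(src, dst)] += 1
    return hits

def nat_t_candidates(lines, min_hits=2):
    """Pairs with repeated ESP failures, most frequent first."""
    hits = esp_translation_failures(lines)
    rows = [(s, d, n) for (s, d), n in hits.items() if n >= min_hits]
    return sorted(rows, key=lambda r: (-r[2], r[0], r[1]))

# Constructed sample input (prefix format is an assumption).
SAMPLE = """\
Mar 03 10:15:01 fw1 regular translation creation failed for protocol 50 src inside:10.0.1.26 dst outside:10.9.69.4
Mar 03 10:15:06 fw1 regular translation creation failed for protocol 50 src inside:10.0.1.26 dst outside:10.9.69.4
Mar 03 10:15:09 fw1 regular translation creation failed for protocol UDP src inside:10.0.1.40/53 dst outside:10.9.69.9/53
Mar 03 10:15:11 fw1 regular translation creation failed for protocol 50 src inside:10.0.1.31 dst outside:10.9.69.4
Mar 03 10:15:12 fw1 unrelated message
""".splitlines()

if __name__ == "__main__":
    for src, dst, count in nat_t_candidates(SAMPLE, min_hits=1):
        print(f"{count:3d} ESP translation failures  {src} -> {dst}")
```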