Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN through NAT

Hello

This is my scenario:

Internet - router Cisco 836-- FW appli.

I've configured NAT in my router

Ports UDP 500,4500,2746

Ports TCP 256,264,1723

Portocol 50

It seems that works but in my router log I see some messages about ESP NAT translations.

*Mar 4 02:52:29.641: NAT: IPSec: inside host (172.0.0.16) is trying to open an ESP conn to 83.131.93.2, cannot process request from 172.0.0.16

*Mar 4 02:52:59.633: NAT: IPsec: using mapping to create outbound ESP IL=172.0.0.16, SPI=A395EEB3, IG=113.96.3.**

*Mar 4 02:52:59.637: NAT: IPSec: inside host (172.0.0.16) is trying to open an ESP conn to 83.***.66.2, cannot process request from 172.0.0.16

Are there messages right in an IPSEC NAT Process

thanks

4 REPLIES
Bronze

Re: VPN through NAT

After the connection and authentication completes, the client does not receive any traffic for over a minute while NAT cycles thru these messages:

*Mar 4 02:52:29.641: NAT: IPSec: inside host (172.0.0.16) is trying to open an ESP conn to 83.131.93.2, cannot process request from 172.0.0.16

*Mar 4 02:52:59.633: NAT: IPsec: using mapping to create outbound ESP IL=172.0.0.16, SPI=A395EEB3, IG=113.96.3.**

*Mar 4 02:52:59.637: NAT: IPSec: inside host (172.0.0.16) is trying to open an ESP conn to 83.***.66.2, cannot process request from 172.0.0.16

Gold

Re: VPN through NAT

just wondering if you are doing port forward or 1-1 ip nat. with ip 50 (i.e esp), you'll need a 1-1 ip nat.

Gold

Re: VPN through NAT

just wondering how you go.

New Member

Re: VPN through NAT

Hello Guys,

I'm facing the same problem on a 2811 router.

Did anyone find a solution for it?

Thank you.

277
Views
0
Helpful
4
Replies