Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
361
Views
0
Helpful
1
Replies

NAT Traversal on a Cisco 881W router

burleyman
Level 8
Level 8

‎10-03-2014 12:28 PM - edited ‎03-04-2019 11:53 PM

I am running c880data-universalk9-mz.124-20.T4.bin on a Cisco881W router and an ASA5512 with asa915-smp-k8.bin

I need to setup a site to site IPSEC VPN tunnel and not NAT the traffic.

Does the Cisco881W support NAT traversal or don't I need that? If not how would I configure?

 

Mike

Labels:
0 Helpful
1 Reply 1

ghostinthenet
Level 7
Level 7

‎10-03-2014 02:56 PM

The 881W supports NAT Traversal, but that's really used for running an IPSec endpoint behind another NAT device.

If you just want to make sure that the 881W doesn't NAT IPSec traffic to your ASA, you can do that by denying the IPv4 source and destination addresses in the NAT ACL on the router.

For example, if your IPSec VPN on the 881W sends traffic from 192.168.0.0/24 to 192.168.1.0/24, your NAT configuration would look something like this:

ip nat inside source list ACL_WAN_NAT interface FastEthernet4 overload
!
ip access-list extended ACL_WAN_NAT
 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 192.168.0.0 0.0.0.255 any

With this NAT configuration, traffic from 192.168.0.0/24 to 192.168.1.0/24 will be unmodified while all other traffic from 192.168.0.0/24 will be subject to NAT.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card