Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

NAT Traversal on a Cisco 881W router

I am running c880data-universalk9-mz.124-20.T4.bin on a Cisco881W router and an ASA5512 with asa915-smp-k8.bin

I need to setup a site to site IPSEC VPN tunnel and not NAT the traffic.

Does the Cisco881W support NAT traversal or don't I need that? If not how would I configure?




The 881W supports NAT

The 881W supports NAT Traversal, but that's really used for running an IPSec endpoint behind another NAT device.

If you just want to make sure that the 881W doesn't NAT IPSec traffic to your ASA, you can do that by denying the IPv4 source and destination addresses in the NAT ACL on the router.

For example, if your IPSec VPN on the 881W sends traffic from to, your NAT configuration would look something like this:

ip nat inside source list ACL_WAN_NAT interface FastEthernet4 overload
ip access-list extended ACL_WAN_NAT
 deny ip
 permit ip any

With this NAT configuration, traffic from to will be unmodified while all other traffic from will be subject to NAT.