https://community.cisco.com/t5/network-security/nat-traversal/m-p/3872855#M531411 <P>Hi Varrao,</P><P>&nbsp;</P><P>In this case, does NAT-T will cause any issues while establishing phase-1 tunnel between the end-clients ?&nbsp;</P><P>&nbsp;</P><P>In my scenario, I could see the Tunnel got established but I do not see any Tx and Rx bytes under the VPN Session.&nbsp;</P><P>&nbsp;</P><P>Thanks in Advance..</P> Fri, 14 Jun 2019 06:12:37 GMT thanghadurai.shanmughem1 2019-06-14T06:12:37Z https://community.cisco.com/t5/network-security/nat-traversal/m-p/1772376#M531406 <P>What is the exact use of nat traversal .Can anyone explain with a scenario.</P> Mon, 11 Mar 2019 21:22:28 GMT https://community.cisco.com/t5/network-security/nat-traversal/m-p/1772376#M531406 prashantrecon 2019-03-11T21:22:28Z https://community.cisco.com/t5/network-security/nat-traversal/m-p/1772377#M531407 <HTML><HEAD></HEAD><BODY><P>Hi Prashant,</P><P></P><P>I woudl be able to explain you in detail, if you can let me know what are you trying to accomplish on the device and with whihc device are you working with.</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Fri, 09 Sep 2011 06:25:12 GMT https://community.cisco.com/t5/network-security/nat-traversal/m-p/1772377#M531407 varrao 2011-09-09T06:25:12Z https://community.cisco.com/t5/network-security/nat-traversal/m-p/1772378#M531408 <HTML><HEAD></HEAD><BODY><P>Hi varun,</P><P></P><P>we are using asa 5520 in our environment.I&nbsp; am&nbsp; facing a problem ie&nbsp; able to connect to vpn from outside network to lan but not able to take a remote of lan pc from particular network connection (airtel isp).</P><P></P><P>But when i try this from other service provider like reliance i am able to take remote.</P></BODY></HTML> Fri, 09 Sep 2011 06:52:05 GMT https://community.cisco.com/t5/network-security/nat-traversal/m-p/1772378#M531408 prashantrecon 2011-09-09T06:52:05Z https://community.cisco.com/t5/network-security/nat-traversal/m-p/1772379#M531409 <HTML><HEAD></HEAD><BODY><P>Hi Prashant,</P><P></P><P></P><DIV class="mcePaste" id="_mcePaste" style="position: absolute; left: -10000px; top: 0px; width: 1px; height: 1px; overflow: hidden;"><TABLE class="messageDiv"><TBODY><TR class="msg"><TD class="msgText"><SPAN style="font-family: Verdana; font-size: 10pt;">this is under the VPN Profile ur&nbsp; connecting to on the transport tab</SPAN></TD><TD class="timeStamp">12:30 PM</TD></TR><TR class="msg seperator_dotted"><TD class="msgText"><SPAN style="color: #000000; font-size: 10pt;"><A href="http://www.cisco.com/en/US/docs/security/asa/asa83/command/reference/c5.html#wp2264331">http://www.cisco.com/en/US/docs/security/asa/asa83/command/reference/c5.html#wp2264331</A></SPAN></TD><TD class="timeStamp">12:31 PM</TD></TR><TR class="msg seperator_dotted"><TD class="msgText"><SPAN style="font-family: Verdana; font-size: 10pt;">by default on ASA NAT-T is&nbsp; enabled</SPAN></TD><TD class="timeStamp"> <SPAN style="display: none;">12:32 PM</SPAN></TD></TR><TR class="msg seperator_dotted"><TD class="msgText"><SPAN style="color: #000000; font-size: 10pt;">crypto isakmp&nbsp; nat-traversal is the command</SPAN></TD></TR></TBODY></TABLE></DIV><P>If a remote client is coming from a direct public ip address.. like a publically hosted server, then it connects over the tunnel like the regular tunnel establishes.. over UDP port 500, but if a client comes from behind a NATd ip address.. like airtel ADSL modem.. where u have a priv ip address.. but ISP PATs/NATs it.., then it connects over UDP 500.. but is encapsulated by another header.. the NAt-T header.</P><P><BR />and it communicates over UDP 4500...&nbsp; then on the headend device.. like ASA you need to have NAT-T enabled&nbsp; </P><P></P><P>when u have NAT-T enabled.. both NATd clients and clients with public ip will be able to connect </P><P></P><P>but if u dont then only clients wih public ip will b able to conenct</P><P></P><P>and also on the VPN client.. u need to have a check on&nbsp; <BR />Enable Transparent Tunneling&nbsp; <BR />and the radio button should be selected for IPSEC over UDP (NAT/PAT) </P><P></P><P>this is under the VPN Profile ur connecting to on the transport tab <BR /><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa83/command/reference/c5.html#wp2264331">http://www.cisco.com/en/US/docs/security/asa/asa83/command/reference/c5.html#wp2264331</A><SPAN> </SPAN></P><P><BR />by default on ASA NAT-T is enabled&nbsp; <BR />crypto isakmp nat-traversal is the command </P><P></P><P>I hope this helps.</P><P></P><P>Thanks,</P><P>Varun</P></BODY></HTML> Fri, 09 Sep 2011 07:33:46 GMT https://community.cisco.com/t5/network-security/nat-traversal/m-p/1772379#M531409 varrao 2011-09-09T07:33:46Z https://community.cisco.com/t5/network-security/nat-traversal/m-p/3872847#M531410 <P>Hi Varrao,</P><P>&nbsp;</P><P>In this case, does NAT-T will cause any issues while establishing phase-1 tunnel between the end-clients ?&nbsp;</P><P>&nbsp;</P><P>In my scenario, I could see the Tunnel got established but I do not see any Tx and Rx bytes under the VPN Session.&nbsp;</P><P>&nbsp;</P><P>Thanks in Advance..</P> Fri, 14 Jun 2019 05:35:33 GMT https://community.cisco.com/t5/network-security/nat-traversal/m-p/3872847#M531410 thanghadurai.shanmughem1 2019-06-14T05:35:33Z https://community.cisco.com/t5/network-security/nat-traversal/m-p/3872855#M531411 <P>Hi Varrao,</P><P>&nbsp;</P><P>In this case, does NAT-T will cause any issues while establishing phase-1 tunnel between the end-clients ?&nbsp;</P><P>&nbsp;</P><P>In my scenario, I could see the Tunnel got established but I do not see any Tx and Rx bytes under the VPN Session.&nbsp;</P><P>&nbsp;</P><P>Thanks in Advance..</P> Fri, 14 Jun 2019 06:12:37 GMT https://community.cisco.com/t5/network-security/nat-traversal/m-p/3872855#M531411 thanghadurai.shanmughem1 2019-06-14T06:12:37Z