cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6709
Views
5
Helpful
3
Replies

FTD 2130 NAT-T Disable problem

Hi all,

 

Have a problem with NAT-T. I have FTD 2130 device managed by FMC which is terminating all my VPN connections. FTD does not have PUBLIC IP attached to internet, instead I have internet router that is doing 1-to-1 static NAT without any port for VPN termination interface. In this case actually i do not need nat-t but because all my customers` devices support nat-t, it was working well without any problem until today. I must connect new third-party through internet. They use Kerio Control in their side which i think no accepting UDP 4500 connections for VPN. Now I want to disable NAT-T for solving problem but i cannot. There is no option in FMC. I tried FlexConfig but FMC does not accept my configuration as telling "Unsupported CLI". Now I am not sure whether command, really, is not supported or i am doing something wrong. Any help is appreciated. 

 

Thanks in advance!! 

1 Accepted Solution

Accepted Solutions

Although FlexConfig does not accept crypto ipsec commands i could disable NAT-T by creating FlexConfig which contained following command "no crypto isakmp nat-t". Previously I tried to delete it in ipsec phase by command "crypto map XXX set nat-t-disable" which was not accapted.

View solution in original post

3 Replies 3

Ilkin
Cisco Employee
Cisco Employee

Orkhan, salam.

 

Disabling 'Keepalive Messages Traversal' in Advanced settings of a VPN topology under Tunnel setting should fix the issue.

Salam Ilkin,

I forgot to mention that I had already done that with no result. I have found a recent bug CSCvh87734 telling that workoround is using FlexConfig but Flex does not support VPN commands. 

Although FlexConfig does not accept crypto ipsec commands i could disable NAT-T by creating FlexConfig which contained following command "no crypto isakmp nat-t". Previously I tried to delete it in ipsec phase by command "crypto map XXX set nat-t-disable" which was not accapted.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: