Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1611
Views
0
Helpful
2
Replies

crypto isakmp nat-traversal

subhojithalder198
Level 1
Level 1

‎12-27-2013 07:24 AM - edited ‎03-11-2019 08:22 PM

                   Hi,

I need to enable following command in ASA

crypto isakmp nat-traversal

sysopt connection permit-vpn

As per our standard,

Pls suggest what things we need to check before & after implementation

Why the commands are used for

Br/Subhojit

Labels:
0 Helpful
2 Replies 2

Dinesh Kumar Mariappan
Level 1
Level 1

‎12-27-2013 07:52 AM

kindly some one provide the document with clear explanation about nat traversal

0 Helpful

zalkurdi
Cisco Employee
Cisco Employee

‎12-27-2013 03:37 PM

Hello,

NAT including PAT is used in many networks where IPsec is also used, but there are a number of incompatibilities that prevent IPsec packets from successfully traversing NAT devices. NAT traversal enables ESP packets to pass through one or more NAT devices.

The "sysopt connection permit-vpn" command allows incomming VPN traffic to bypass any ACL on the outside interface. This is done so that you dont have to add any ACL to allow VPN traffic.

If you would like to know more, go to the Cisco ASA Command Reference.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card