12-27-2013 07:24 AM - edited 03-11-2019 08:22 PM
Hi,
I need to enable following command in ASA
crypto isakmp nat-traversal
sysopt connection permit-vpn
As per our standard,
Pls suggest what things we need to check before & after implementation
Why the commands are used for
Br/Subhojit
12-27-2013 07:52 AM
kindly some one provide the document with clear explanation about nat traversal
12-27-2013 03:37 PM
Hello,
NAT including PAT is used in many networks where IPsec is also used, but there are a number of incompatibilities that prevent IPsec packets from successfully traversing NAT devices. NAT traversal enables ESP packets to pass through one or more NAT devices.
The "sysopt connection permit-vpn" command allows incomming VPN traffic to bypass any ACL on the outside interface. This is done so that you dont have to add any ACL to allow VPN traffic.
If you would like to know more, go to the Cisco ASA Command Reference.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide