Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1192
Views
0
Helpful
1
Replies

IPSec VPN Questions

Lifeisbeautiful
Level 1
Level 1

‎12-13-2017 02:55 PM - edited ‎02-21-2020 06:57 AM

Hello Everyone,

 

Greetings !!

 

I have some questions in my mind and I was hopeing if you guys can answer.

 

1) Say you have to create IPSEC VPN between two FW, but say FW 1 sit behind NAT device and you need to enable NAT-T on it but FW2 has direct connection to internet (it does not site behind NAT) , so if I think you dont need to enable NAT-T on FW2. Will it work if you have FW1 NAT-T enabled and FW2 no NAT-T ? Or do you have to enable NAT-T on both FWs, will it be a problem?

 

2) If see message "Jun 09 12:11:32 [IKEv1]IP = X.X.X.X, Maximum concurrent IKE negotiations exceeded"   , when can we expect this message and if we can fix this error

 

3) If you enable DPD on on FW and on the other firewall if you disable DPD, will it cause issues for the tunnel or will it be ok.

 

Thanks in advance.

 

Maria

Labels:
0 Helpful
1 Reply 1

Murali
Level 1
Level 1

‎12-13-2017 05:06 PM

1) For NAT-T to work both ends should be enabled

 

https://supportforums.cisco.com/t5/security-documents/how-does-nat-t-work-with-ipsec/ta-p/3119442

 

2) sounds like a capacity issue

 

3) DPD should be enabled on both sides.

 

Thank You

Murali.

~Impossible is often the untried

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card