cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

397
Views
0
Helpful
1
Replies
gjackson
Beginner

NAT traversal vs. ipsec-over-tcp.

Does anyone know if the "crypto isakmp nat-traversal" command is mutually exclusive with the "crypto isamkp ipsec-over-tcp" command?

We use ipsec-over-tcp in our VPN configuration, but one of our users is having difficulty with large file copy via scp. It has been suggested that we use nat traversal to overcome this, and I know that you have to configure the client and the ASA firewall the same way relative to one option over the other. But researching both commands, I can't find anything that says they cannot be used simultaneously, side by side. Some VPN users operating via NAT traversal, and some via ispec-over-tcp. Anyone know if they can be configured simultaneously in the PIX? Any issues? Any additional config relations that need to be defined if you do operated them simultaneously?

Thanks for any help....!

GJ

1 REPLY 1
andrew.prince
Advocate

It's not.

crypto isakmp nat-traversal - enables the RFC UDP4500 port to be used for NAT-T.

crypto isamkp ipsec-over-tcp - can be used together or singular.

HTH>

Content for Community-Ad