03-31-2008 07:01 AM - edited 03-09-2019 08:24 PM
I have the following ports required, but when I enabled NAT-T on the client side (I think the server is ON by default)
it can't connect (no prompt for username); it just hangs and times out.
protocol 50 and 51
udp 500
udp 4500
Do I need more?
Again, it connects fine with NAT-T disabled, and it's a no go with NAT-T enabled.
03-31-2008 07:51 AM
Hi dae,
"I think server is ON by default"
I assume you are trying to establish a VPN connection to a Cisco device, correct? Then you should issue the following command to enable NAT-T on the device:
crypto isakmp nat-traversal 20
Regards
03-31-2008 08:02 AM
Sorry, I meant to ask what the required ports are.
Do I need any ports other than the ones I listed in the first post?
Thanks
03-31-2008 08:23 AM
4500 and 500 are enough for NAT-T over UDP. For NAT-T over TCP, you also need TCP port 10000.
03-31-2008 10:24 AM
In the PIX ASDM settings it doesn't differentiate between UDP and TCP NAT-T.
Which one have I enabled?
04-01-2008 07:32 AM
dae,
I can't remember the exact screen in ASDM, but to enable it, you type the following in the CLI:
crypto isakmp nat-traversal 20
This enables NAT-T and it uses UDP by default. To use TCP, you need the following command
isakmp ipsec-over-tcp port 10000
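Added example, not part of the thread or of any Cisco tooling: a small Python helper for reading a client-side capture when a NAT-T connection hangs as described in the first post. It goes beyond the port list above by using the RFC 3948 framing on UDP 4500 (four zero bytes before IKE, a single 0xFF byte for NAT keepalives, anything else ESP); the function names, the packet tuple layout and the sample packets are assumptions constructed for illustration.

```python
import struct

IKE_PORT, NATT_PORT = 500, 4500        # UDP ports named in the thread
NON_ESP_MARKER = b"\x00" * 4           # RFC 3948: precedes IKE on UDP 4500
IKE_HDR_LEN = 28                       # fixed ISAKMP/IKE header size

def classify(gw_port, payload):
    """Label one UDP payload by the gateway-side port it used."""
    if gw_port == IKE_PORT:
        return "ike" if len(payload) >= IKE_HDR_LEN else "malformed"
    if gw_port != NATT_PORT:
        return "not-ipsec"
    if payload == b"\xff":
        return "nat-keepalive"
    if payload[:4] == NON_ESP_MARKER:
        return "ike-natt" if len(payload) >= 4 + IKE_HDR_LEN else "malformed"
    return "esp-in-udp" if len(payload) >= 8 else "malformed"

def diagnose(packets):
    """packets: (direction, gw_port, payload); direction is 'out' or 'in' at the client."""
    seen = {(d, classify(port, data)) for d, port, data in packets}
    if not {("out", "ike"), ("out", "ike-natt")} & seen:
        return "client sent no IKE"
    if not {("in", "ike"), ("in", "ike-natt")} & seen:
        return "no IKE reply at all: check UDP 500"
    if ("out", "ike-natt") in seen and ("in", "ike-natt") not in seen:
        return "no reply after move to UDP 4500: check UDP 4500"
    if ("out", "esp-in-udp") in seen and ("in", "esp-in-udp") not in seen:
        return "ESP-in-UDP is one-way: check return path on UDP 4500"
    return "ok"

# Constructed sample data (not from a real capture).
def ike_header():
    # cookies, next payload, version 1.0, exchange type, flags, msg id, length
    return struct.pack("!8s8sBBBBII", b"A" * 8, b"\0" * 8, 1, 0x10, 2, 0, 0, IKE_HDR_LEN)

ESP = struct.pack("!II", 0x1234ABCD, 1) + b"\0" * 16   # SPI, sequence, dummy data
FLOATED = NON_ESP_MARKER + ike_header()
SAMPLE_BLOCKED = [("out", 500, ike_header()), ("in", 500, ike_header()),
                  ("out", 4500, FLOATED), ("out", 4500, FLOATED)]
SAMPLE_OK = SAMPLE_BLOCKED + [("in", 4500, FLOATED), ("out", 4500, ESP),
                              ("in", 4500, ESP), ("out", 4500, b"\xff")]

if __name__ == "__main__":
    print(diagnose(SAMPLE_BLOCKED))
    print(diagnose(SAMPLE_OK))
```

The verdicts are heuristics over what the capture contains; a "check UDP 4500" result means the firewall or NAT device between client and gateway is the first place to look.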