Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
542
Views
0
Helpful
4
Replies

Using UDP 4500 even with no NAT

slewe
Level 1
Level 1

‎01-14-2005 02:37 PM - edited ‎03-09-2019 10:00 AM

Is there a way to force ESP to use udp 4500 on a Pix or IOS Router even though there is no NAT/PAT between the two VPN endpoints? It seems that even thought I hard code udp-encapsulation, it still uses ESP because NAT/PAT is not detected.

Labels:
0 Helpful
4 Replies 4

ehirsel
Level 6
Level 6

‎01-16-2005 09:34 PM

What version of pix code and ios code are you using? Is there another type of vpn endpoint that is not running ios or pix code that you are testing with, such as a Linksys router? Or are the two endpoints using only pix and/or ios code?

0 Helpful

slewe
Level 1
Level 1
In response to ehirsel

‎01-17-2005 12:39 AM

I am using Pix 6.3.4 and IOS 12.3.12. No other endpoints at this time. Just the Pix and IOS router.

0 Helpful

ehirsel
Level 6
Level 6
In response to slewe

‎01-18-2005 08:00 AM

This URL is helpful in describing how NAT-T works.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110bca.html#1049093

Basically nat-d packets are used to detect whether or not a nat/pat devices exists and only if one does exisit, detected by comparing hash-values, is nat-traversal used, otherwise it is not.

Thus according to the standard, using udp port 4500 will only be done if there is a nat/pat device otherwise the standard ESP protocol (id=50) is used.

Let me know if you need more help.

0 Helpful

slewe
Level 1
Level 1
In response to ehirsel

‎01-18-2005 09:27 AM

Thanks! That answers my question.

0 Helpful
Customers Also Viewed These Support Documents