Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
691
Views
0
Helpful
0
Replies

C1117-4PLTEEA IPSEC NAT-T ESP

fastkyle
Level 1
Level 1

‎07-15-2021 01:51 AM

Hi All,

 

I am having difficulty creating a proper IPSEC NAT-T configuration for my C1117-4PLTEEA ISR router running Cisco IOS XE17.03 nat-t'ing to the local siemens ruggedcom firewall.

 

I have created the dynamic nat rules that allow outgoing internet connectivity,

I have enabled the ip nat service esp

I have created ip nat source static udp firewall-wan-ip-addr 500 interface cellular 0/2/0 50

I have created ip nat source static udp firewall-wan-ip-addr 4500 interface cellular 0/2/0 4500

I have created ip nat source static esp firewall-wan-ip-addr interface cellular 0/2/0 

 

I have an acl on the esp traffic allowing any

 

Are there any specific guides for this version of the Cisco IOS firmware and natting IPSEC along side a traditional office gateway nat. I have searched extensively and have struggled to find this.

 

The current configuration i have partially works in that some of the VPN setup traffic is being natted to the firewall, port 500 seems to work and the logs on the firewall show that IPSEC vpn begins setup until it gets to the stage where it expects ESP traffic and at that point the VPN setup process fails.

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card