
NAT Traversal feature on ISR 4321 with IOS XE SDWAN image

mayanksingh1809
Level 1

I am looking to integrate a Cisco ISR 4321 (IOS XE SDWAN) capable router, sitting behind a firewall, with Zscaler public IPs.

Please note that I can't provision a public IP/Internet link directly on the SDWAN router. The Zscaler ZEN node supports IPsec tunnels with the NAT-Traversal feature.

Can someone please guide me on whether this is possible through the NAT-T feature? The IPsec tunnel will use the public IP on my WAN firewall, with the destination as the ZEN node IP in the region. What option should I choose in device templates to do NAT-Traversal? IPsec tunnels on IOS-XE-SDWAN routers are service-side tunnels.

1 Reply

Hi,

https://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/SDWAN/zscaler-cisco-sdwan-deployment-guide-2020feb.pdf

This document describes Zscaler deployment.

See the 1.7.1 GRE and IPsec Tunnel section; it shows that:

IKE uses UDP port 500, or in the case of NAT traversal, UDP 4500

So, basically NAT-T is supported. The config should not be different than normal; just allow UDP 500/4500 on your firewall.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.
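
To check that a firewall really passes the UDP 500/4500 traffic mentioned in the reply, a capture taken outside the firewall can be classified by the NAT-T framing of RFC 3947/3948. This is an added example, not part of the thread or of Cisco or Zscaler tooling; the packet tuples, the translated source port 62001 and the function names are constructed for illustration.

```python
# Added example: classify UDP payloads by NAT-T framing (RFC 3947/3948).
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # precedes every IKE message on UDP 4500

def classify(sport, dport, payload):
    """Return the IPsec role of one UDP datagram."""
    ports = (sport, dport)
    if 4500 in ports:
        if payload == b"\xff":
            return "nat-keepalive"          # one-byte NAT keepalive
        if payload[:4] == NON_ESP_MARKER and len(payload) > 4:
            return "ike-natt"               # IKE moved to 4500 after NAT detection
        if len(payload) >= 8:
            return "esp-in-udp"             # starts with a non-zero SPI
        return "unknown"
    if 500 in ports:
        return "ike"
    return "other"

def diagnose(packets):
    """packets: iterable of (direction, sport, dport, payload), direction 'out' or 'in'."""
    seen = {(d, classify(s, p, data)) for d, s, p, data in packets}
    if ("out", "ike") in seen and ("in", "ike") not in seen:
        return "no reply on UDP 500"
    if ("out", "ike-natt") in seen and ("in", "ike-natt") not in seen:
        return "no reply on UDP 4500"
    if ("out", "esp-in-udp") in seen and ("in", "esp-in-udp") not in seen:
        return "IKE completes but no inbound ESP-in-UDP"
    if ("in", "esp-in-udp") in seen:
        return "tunnel traffic flows both ways"
    return "no ESP-in-UDP captured yet"

# Constructed sample capture: source port 62001 stands in for the port the
# firewall's NAT assigned; payload bytes are dummies with the right framing.
SAMPLE = [
    ("out", 62000, 500, b"\x11" * 28),
    ("in", 500, 62000, b"\x22" * 28),
    ("out", 62001, 4500, NON_ESP_MARKER + b"\x11" * 28),
    ("in", 4500, 62001, NON_ESP_MARKER + b"\x22" * 28),
    ("out", 62001, 4500, b"\x00\x00\x10\x01" + b"\x00" * 16),
    ("out", 62001, 4500, b"\xff"),
]

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

On the sample, IKE is answered on both ports but no encapsulated ESP comes back, which points at return traffic on UDP 4500 rather than at the IKE negotiation.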