IOS LAN2LAN IPSEC VPN with UDP Encapsulation

pavlosd
Level 2

Is it possible to have a LAN2LAN VPN between 2 Routers but using UDP Encapsulation (NAT Transparency) instead?

I was looking for a quick example but most refer to VPN Client Solution.

3 Replies

Todd Pula
Level 7

This is the default behavior for IOS based IPSec endpoints.  During the phase 1 negotiation, both devices will identify whether NAT is present in the path between peers and will utilize UDP 4500 encapsulation automatically.
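The phase 1 NAT detection mentioned in the reply above is specified in RFC 3947: each peer sends NAT-D payloads containing HASH(CKY-I | CKY-R | IP | Port), and the receiver compares them with the addresses it actually sees on the packet. The sketch below is an added example, not part of the thread and not Cisco code; the function names, cookies and addresses are constructed for illustration, and SHA-1 stands in for whatever hash the peers negotiated.

```python
import hashlib
import ipaddress
import struct

def nat_d(cky_i, cky_r, ip, port, hash_name="sha1"):
    """RFC 3947 NAT-D payload body: HASH(CKY-I | CKY-R | IP | Port)."""
    data = cky_i + cky_r + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.new(hash_name, data).digest()

def detect_nat(cky_i, cky_r, rx_dst_hash, rx_src_hashes, seen_src, seen_dst):
    """Receiver-side comparison of received NAT-D hashes with the addresses
    actually observed on the packet; seen_src/seen_dst are (ip, port)."""
    local_nat = rx_dst_hash != nat_d(cky_i, cky_r, *seen_dst)
    peer_nat = nat_d(cky_i, cky_r, *seen_src) not in rx_src_hashes
    nat = local_nat or peer_nat
    return {
        "local_behind_nat": local_nat,
        "peer_behind_nat": peer_nat,
        "ike_port": 4500 if nat else 500,
        "esp_transport": "UDP/4500" if nat else "IP protocol 50",
    }

# Constructed sample values (documentation address ranges, made-up cookies).
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("1112131415161718")
INITIATOR_REAL = ("10.0.0.2", 500)
INITIATOR_NATTED = ("203.0.113.10", 4096)  # what a NAT device might rewrite it to
RESPONDER = ("198.51.100.1", 500)

def initiator_payloads():
    """What the initiator sends: hash of the remote end first, then its own."""
    return nat_d(CKY_I, CKY_R, *RESPONDER), [nat_d(CKY_I, CKY_R, *INITIATOR_REAL)]

def responder_view(seen_src):
    """Run the responder's check for a given observed source (ip, port)."""
    dst_hash, src_hashes = initiator_payloads()
    return detect_nat(CKY_I, CKY_R, dst_hash, src_hashes, seen_src, RESPONDER)

if __name__ == "__main__":
    print("NAT in path:", responder_view(INITIATOR_NATTED))
    print("no NAT:     ", responder_view(INITIATOR_REAL))
```
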

I was more looking at the commands that enable or disable this feature? Or I was wondering if you can "force" udp encapsulation even if there is no NAT in the way (for whatever security reason).

I also found the examples below.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094ecd.shtml

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftipsnat.html

Thanks.

You can disable NAT-T support in IOS using the "no crypto ipsec nat-transparency udp-encapsulation" command.  NAT-T is negotiated between Cisco endpoints and cannot be fixed.  Without NAT-T support, IOS will continue to encap using UDP 500.
