Explorer

IOS LAN2LAN IPSEC VPN with UDP Encapsulation

Is it possible to have a LAN2LAN VPN between 2 Routers but using UDP Encapsulation (NAT Transparency) instead?

I was looking for a quick example but most refer to VPN Client Solution.

3 REPLIES
Rising star

Re: IOS LAN2LAN IPSEC VPN with UDP Encapsulation

This is the default behavior for IOS based IPSec endpoints.  During the phase 1 negotiation, both devices will identify whether NAT is present in the path between peers and will utilize UDP 4500 encapsulation automatically.

Explorer

Re: IOS LAN2LAN IPSEC VPN with UDP Encapsulation

I was looking more at the commands that enable or disable this feature. I was also wondering if you can "force" UDP encapsulation even if there is no NAT in the way (for whatever security reason).

I also found the examples below.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094ecd.shtml

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftipsnat.html

Thanks.

Rising star

Re: IOS LAN2LAN IPSEC VPN with UDP Encapsulation

You can disable NAT-T support in IOS using the "no crypto ipsec nat-transparency udp-encapsulation" command.  NAT-T is negotiated between Cisco endpoints and cannot be fixed.  Without NAT-T support, IOS will continue to encap using UDP 500.
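The phase 1 NAT detection that the replies above describe, as an added example that is not part of the original thread and is not Cisco's code: it follows the NAT-D hash comparison from RFC 3947. The cookies and addresses are constructed sample values, and SHA-1 is assumed as the negotiated hash.

```python
import hashlib
import ipaddress
import struct

# Constructed sample values: 8-byte IKE cookies and documentation-range addresses.
CKY_I = bytes.fromhex("1122334455667788")
CKY_R = bytes.fromhex("99aabbccddeeff00")
INITIATOR_PRIVATE = ("10.0.0.2", 500)
INITIATOR_PUBLIC = ("198.51.100.10", 500)
NAT_MAPPING = ("198.51.100.10", 1024)   # what a NAT device rewrites the source to
RESPONDER = ("203.0.113.20", 500)


def nat_d_hash(endpoint, hash_name="sha1"):
    """HASH(CKY-I | CKY-R | IP | Port), RFC 3947 section 3.2 (SHA-1 assumed)."""
    ip, port = endpoint
    data = CKY_I + CKY_R + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.new(hash_name, data).digest()


def nat_d_payloads(local, remote):
    """What the sender puts in the packet: destination hash first, then source."""
    return [nat_d_hash(remote), nat_d_hash(local)]


def detect_nat(payloads, seen_src, seen_dst):
    """Receiver recomputes both hashes from the addresses seen on the wire."""
    dst_hash, src_hashes = payloads[0], payloads[1:]
    return {
        "receiver_behind_nat": nat_d_hash(seen_dst) != dst_hash,
        "sender_behind_nat": nat_d_hash(seen_src) not in src_hashes,
    }


def encapsulation(result):
    """Peers move to UDP 4500 only when at least one comparison fails."""
    return "UDP 4500 encapsulation" if any(result.values()) else "no UDP encapsulation"


if __name__ == "__main__":
    # Direct path: addresses arrive unchanged, so both hashes match.
    direct = detect_nat(nat_d_payloads(INITIATOR_PUBLIC, RESPONDER),
                        INITIATOR_PUBLIC, RESPONDER)
    # NATed path: the sender hashed its private address, the receiver sees the mapping.
    natted = detect_nat(nat_d_payloads(INITIATOR_PRIVATE, RESPONDER),
                        NAT_MAPPING, RESPONDER)
    print(encapsulation(direct), "|", encapsulation(natted))
```

When both hashes match on a direct path, nothing in the exchange signals a translation, so the switch to UDP 4500 is not triggered.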
