I need to connect site-to-site VPN to a Cisco Meraki device, with my side is a Cisco ASA-X Firewall.
I was told by my client that the only way to establish to connect to their Meraki device is if i turn on "NAT-T NAT traversal" on my Cisco ASA-X
However, the only way i find to enable NAT traversal is to put crypto isakmp nat-traversal 3600 as a global command.
What i am worried is that since my current other site-to-site VPN tunnels on my ASA does not have NAT traversal, by enabling NAT traversal globally at my ASA, is this going to impact their tunnels?
you can disable NAT-T on a per VPN basis. use the following as an example of how to.
crypto map outside_map 5 set nat-t-disable
Please remember to select a correct answer and rate helpful posts
This is not going to impact your other tunnels at all!!!
This NAT-T functionality will allow the ASA to detect devices behind a NAT and will use UDP port 4500 instead of UDP 500.
The current peers that are not behind a nat device will just work as usual with UDP port 500.
If you would like to know more about how NAT-T works you can check this documentation:
Regards, please rate!