Cisco Community
English
Register
LEARN MORE about Cisco's cybersecurity announcements this week
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

1630
Views
5
Helpful
2
Replies
huntlee
huntlee Beginner
Beginner
‎02-20-2016 03:09 PM
‎02-20-2016 03:09 PM

NAT-T affects other VPN tunnels?

Hi all,

I need to connect site-to-site VPN to a Cisco Meraki device, with my side is a Cisco ASA-X Firewall.

I was told by my client that the only way to establish to connect to their Meraki device is if i turn on "NAT-T NAT traversal" on my Cisco ASA-X

However, the only way i find to enable NAT traversal is to put crypto isakmp nat-traversal 3600 as a global command.

What i am worried is that since my current other site-to-site VPN tunnels on my ASA does not have NAT traversal, by enabling NAT traversal globally at my ASA, is this going to impact their tunnels?

Cheers,

Hunt

Labels:
0 Helpful
Reply
2 REPLIES 2
Marius Gunnerud
VIP Advocate Marius Gunnerud VIP Advocate
VIP Advocate
‎02-21-2016 01:18 PM
‎02-21-2016 01:18 PM

you can disable NAT-T on a

you can disable NAT-T on a per VPN basis.  use the following as an example of how to.

crypto map outside_map 5 set nat-t-disable

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to rate and select a correct answer
Reply
Highlighted
Diego Lopez
Diego Lopez Beginner
Beginner
‎02-21-2016 07:40 PM
‎02-21-2016 07:40 PM

Hello,

Hello,

This is not going to impact your other tunnels at all!!!

This NAT-T functionality will allow the ASA to detect devices behind a NAT and will use UDP port 4500 instead of UDP 500.

The current peers that are not behind a nat device will just work as usual with UDP port 500.

If you would like to know more about how NAT-T works you can check this documentation:

https://supportforums.cisco.com/document/64281/how-does-nat-t-work-ipsec

Regards, please rate!

0 Helpful
Reply
Latest Contents
How to find/get the registration key from FTD
Created by Eahwar34 on 12-06-2019 03:14 AM
0
0
0
0
We are in need of finding registration key used for our FTD , unfortunately we have forget the key and also it is encrypted . How to find the key from FTD ?
ISE My Devices & Sponsor Portal as a User Change Password Po...
Created by Jason Kunst on 12-05-2019 10:24 AM
0
0
0
0
This is to address those customers coming to ISE from ACS or new to ISE that need a password change portal (UCP) What are the licensing requirements for this solution? My Devices - For using the password change with My Devices you need plus licenses as ... view more
WHITEPAPER - Firepower Threat Defense Cloud Management with ...
Created by Marvin Rhoads on 11-29-2019 07:57 PM
0
10
0
10
  Overview   In this paper we will document the configuration and operation of an integrated solution that includes identity management, firewall, cloud-based management, and cloud-based logging. We will use the following Cisco products: Fu... view more
How Does Cisco Defense Orchestrator Manage Firepower Threat ...
Created by suhegade on 11-26-2019 09:06 PM
0
0
0
0
These days everything is in the cloud. We all know that Cisco Firepower Threat Defense (FTD) is a unified software image, which includes the Cisco ASA features and FirePOWER Services. Using Cisco Defense Orchestrator (CDO), you can manage physical or virt... view more
How Does Cisco Defense Orchestrator Manage Adaptive Security...
Created by suhegade on 11-26-2019 09:03 PM
0
10
0
10
Cisco Defense Orchestrator (CDO) is a cloud-based, multi-device manager that provides a simple, consistent, and highly secure way of managing security policies on all your ASA devices. CDO helps you optimize your ASA environment by identifying problems wi... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
FusionCharts will render here