cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

1630
Views
5
Helpful
2
Replies
Beginner

NAT-T affects other VPN tunnels?

Hi all,

I need to connect site-to-site VPN to a Cisco Meraki device, with my side is a Cisco ASA-X Firewall.

I was told by my client that the only way to establish to connect to their Meraki device is if i turn on "NAT-T NAT traversal" on my Cisco ASA-X

However, the only way i find to enable NAT traversal is to put crypto isakmp nat-traversal 3600 as a global command.

What i am worried is that since my current other site-to-site VPN tunnels on my ASA does not have NAT traversal, by enabling NAT traversal globally at my ASA, is this going to impact their tunnels?

Cheers,

Hunt

2 REPLIES 2
VIP Advocate

you can disable NAT-T on a

you can disable NAT-T on a per VPN basis.  use the following as an example of how to.

crypto map outside_map 5 set nat-t-disable

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to rate and select a correct answer
Highlighted
Beginner

Hello,

Hello,

This is not going to impact your other tunnels at all!!!

This NAT-T functionality will allow the ASA to detect devices behind a NAT and will use UDP port 4500 instead of UDP 500.

The current peers that are not behind a nat device will just work as usual with UDP port 500.

If you would like to know more about how NAT-T works you can check this documentation:

https://supportforums.cisco.com/document/64281/how-does-nat-t-work-ipsec

Regards, please rate!

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here