Cisco Community
English
Register
Congratulate December's Spotlight Awardees. CLICK HERE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
582
Views
0
Helpful
1
Replies
Highlighted
pascal.lepesant
Beginner
Beginner
‎04-01-2009 07:05 PM
‎04-01-2009 07:05 PM

EZvpn IOS to ASA behind NAT

Hi,

I am trying to set-up ezvpn between a 881W(client) and and ASA5510 (server). The setup works correctly if the 881W is directly connected to the ISP. But I need to connect it behind a ASA5505 with NAT. This way the VPN do not mount.

In the ASA5510 (ezvpn server) the group-policy includes the following commands:

ipsec-udp enable

ipsec-udp-port 10000

But it looks like the 881W still try send traffic over esp.

Any advices to bring this up ?

Pascal

Labels:
0 Helpful
Reply
1 REPLY 1
Highlighted
andrew.prince
Advocate
Advocate
‎04-02-2009 09:53 AM
‎04-02-2009 09:53 AM

make sure you are forwrding UDP 4500 - L2L VPN's do not negotiate NAT-T ports, they use the RFC defined - UDP 4500.

HTH>

0 Helpful
Reply
Latest Contents
Cisco Endpoint Security Analytics (CESA) dashboard overview ...
Created by Jason Kunst on 01-19-2021 12:35 PM
0
0
0
0
The following guide goes over the in and out of the Cisco Endpoints Security Analytics Dashboard as an overview and faq page For more information on the solution please visit the CESA POV page Building content as of 1/19/2021
#CiscoChat Live: Accelerating your security maturation journ...
Created by Kelli Glass on 01-15-2021 04:48 PM
0
0
0
0
Join us live on Tuesday, January 19 at 10:00 am PT (and on demand after) as we discuss the latest version of ATT&CK and the expansion of TTPs in v8.  As a security expert, you are tasked with protecting your environment. You see the value of... view more
#CiscoChat Live: Accelerating your security maturation journ...
Created by Kelli Glass on 01-15-2021 04:46 PM
3
0
3
0
Join us live on Tuesday, January 19 at 10:00 am PT (and on demand after) as we discuss the latest version of ATT&CK and the expansion of TTPs in v8.  As a security expert, you are tasked with protecting your environment. You see the value of... view more
What's New for Cisco Defense Orchestrator (CDO)
Created by Andrew Mallio on 01-15-2021 06:09 AM
1
40
1
40
Cisco Defense Orchestrator (CDO) is a cloud-based, multi-device manager that manages security products like Adaptive Security Appliance (ASA), Firepower Threat Defense next-generation firewall, and Meraki devices, to name a few.  We make improvement... view more
Serious problem with Object Groups + Access Policies in FMC
Created by mhmservice on 01-15-2021 04:31 AM
0
0
0
0
Hi allI've been having a major problem with Object Groups in FMC access policiesIf I have a pre-existing line in a policy with an Object Group which contains a list of IPs, if I add an additional IP to that object group, then deploy, the traffic is still ... view more
Content for Community-Ad