Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2424
Views
0
Helpful
1
Replies

Function command -- nat-t-disable

eigrpy
Level 4
Level 4

‎07-07-2015 11:41 AM

Dear All

I am configuring lan to lan VPN at ASA. As we know, we usually need to disable nat for this traffic using twice nat. However I saw this command nat-t-disable, which could be used under interface. So my question is if we can replace that twice nat with command -- nat-t-disable ? if so, what is difference between them? Thank you

 

 

Labels:
0 Helpful
1 Reply 1

Puneesh Chhabra
Cisco Employee
Cisco Employee

‎07-07-2015 06:05 PM

NAT T is nat traversal.  It is used to encapsulate your ESP communication to UDP 4500 to overcome PAT limitations.  Here's thorough explanation of it:

 

https://supportforums.cisco.com/document/64281/how-does-nat-t-work-ipsec

 

It is entirely different from NAT exempt or twice NAT you are referring to.

 

 

Regards,

Puneesh

0 Helpful
Customers Also Viewed These Support Documents