cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2541
Views
0
Helpful
5
Replies

IKEv1 IPsecOverNatT

Eric Stein
Level 1
Level 1

I have a few ASA 5505's in some remote offices and they connect back to our corporate office Meraki firewall.  They only work correctly when they use NatT.  However, they don't always make a connection that way.  They will frequently connect via IKEv1 IPsec which doesn't work.  I have to connect via the ASDM, log out the VPN and then it will connect via IKEv1IPsecOverNatT.

My question is, is there a way to force the 5505's to always connect using NatT?

Eric

5 Replies 5

Michael Beck
Level 1
Level 1

If you use ASDM:

- Configuration>Site-to-Site VPN>Advanced

- NAT transparency. (Check Enable IPsec over NAT-T)

- Optionally force to TCP with the Enable IPsec over TCP.

If you prefer the command line, in global configuration enter

crypto isakmp nat-traversal