961 Views | 0 Helpful | 2 Replies

IPSEC pass-through

lehpoh
Level 1

1. Multiple users, using the Cisco VPN client with no transparent tunneling enabled, connect to a VPN peer through a Cisco router (PAT). Can this be done?

2. Multiple users, using the Cisco VPN client with NAT-Traversal enabled, connect to a VPN peer through a Cisco router (PAT). Can this be done?

3. I heard that if you want to have multiple VPN connections through a Cisco router (PAT), you can only use encapsulation over TCP. NAT-Traversal only supports a single VPN connection through a Cisco router (PAT). Is that true?

2 Replies

lehpoh
Level 1

Anyone care to enlighten me?

Thanks.

ali-franks
Level 1

1. Yes.

The IOS version on the router needs to be of a level that supports IPSec pass-through. Use ESP only and not AH. Because IKE uses UDP 500 it will NAT/PAT fine, but ESP does not use UDP, therefore the IPSec ESP packets will be dropped unless you have the IOS version that supports it. Can't remember the version off the top of my head!!

2. See below

3. NAT-Traversal supporting a single connection? Not sure - wouldn't think so though.

You can use TCP or UDP to get through a NAT device, but it must be configured on both ends, such as a Concentrator and a client. UDP is enabled by default on the VPN Client, default port 10000.

As for NAT-T, I think it's to allow IPSec connections through a device such as a firewall that does not allow IPSec connections. It uses UDP port 4500. I reckon this only applied to a firewall scenario and not a router (see 1).

Maybe someone can shed some more light on this?

HTH

Ali
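To make the distinction in Ali's reply concrete (IKE on UDP 500 and NAT-T on UDP 4500 carry ports a PAT device can overload, raw ESP is IP protocol 50 and carries none), here is an added example that is not part of the thread or of any Cisco software. It builds constructed IPv4/UDP/ESP packets, classifies them the way a NAT device would have to, and runs them through a toy PAT table that refuses anything without a transport-layer port. The packet builders, the `Pat` class and the `simulate()` function are all assumptions made for this illustration; the NAT-T framing (UDP 4500, four zero bytes as the non-ESP marker before IKE, a single 0xFF byte as keepalive) follows RFC 3948.

```python
"""Constructed packets only: how a PAT device sees IKE, raw ESP and NAT-T."""
import struct

IPPROTO_UDP = 17
IPPROTO_ESP = 50
IKE_PORT = 500
NAT_T_PORT = 4500


def _ip(addr):
    return bytes(int(o) for o in addr.split("."))


def ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (no options); header checksum left at zero."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      64, proto, 0, _ip(src), _ip(dst))
    return hdr + payload


def udp(sport, dport, payload):
    """UDP header with checksum left at zero (not validated here)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def esp(spi, seq, body):
    """ESP header: SPI and sequence number, followed by the encrypted body."""
    return struct.pack("!II", spi, seq) + body


def classify(pkt):
    """Return what a NAT device can learn from the headers of one packet."""
    proto = pkt[9]
    body = pkt[20:]
    if proto == IPPROTO_ESP:
        # ESP has no ports; the only per-flow identifier is the SPI
        spi = struct.unpack("!I", body[:4])[0]
        return {"kind": "esp", "ports": None, "spi": spi}
    if proto == IPPROTO_UDP:
        sport, dport = struct.unpack("!HH", body[:4])
        data = body[8:]
        if IKE_PORT in (sport, dport):
            return {"kind": "ike", "ports": (sport, dport)}
        if NAT_T_PORT in (sport, dport):
            if data == b"\xff":
                kind = "nat-t-keepalive"
            elif data[:4] == b"\x00\x00\x00\x00":
                kind = "nat-t-ike"        # non-ESP marker precedes IKE
            else:
                kind = "nat-t-esp"        # UDP-encapsulated ESP, SPI first
            return {"kind": kind, "ports": (sport, dport)}
        return {"kind": "udp", "ports": (sport, dport)}
    return {"kind": "other", "ports": None}


class Pat:
    """Toy port-overloading NAT: one outside address, many inside hosts."""

    def __init__(self, outside_ip, first_port=1024):
        self.outside_ip = outside_ip
        self.next_port = first_port
        self.table = {}   # (inside_ip, inside_port) -> outside_port

    def translate(self, pkt):
        """Return (translated_pkt, outside_port), or None when there is no
        transport port to rewrite, which is the raw-ESP case."""
        info = classify(pkt)
        if info["ports"] is None:
            return None
        inside_ip = ".".join(str(b) for b in pkt[12:16])
        key = (inside_ip, info["ports"][0])
        if key not in self.table:
            self.table[key] = self.next_port
            self.next_port += 1
        oport = self.table[key]
        out = bytearray(pkt)
        out[12:16] = _ip(self.outside_ip)              # rewrite source IP
        out[20:22] = struct.pack("!H", oport)          # rewrite source port
        return bytes(out), oport


def simulate():
    """Two inside clients toward one peer: raw ESP vs NAT-T encapsulated ESP."""
    pat = Pat("198.51.100.1")
    peer = "203.0.113.10"
    raw = ipv4("10.0.0.5", peer, IPPROTO_ESP, esp(0x1001, 1, b"\x00" * 16))
    natt = [ipv4(c, peer, IPPROTO_UDP,
                 udp(NAT_T_PORT, NAT_T_PORT, esp(spi, 1, b"\x00" * 16)))
            for c, spi in (("10.0.0.5", 0x1001), ("10.0.0.6", 0x1002))]
    return {"raw_esp": pat.translate(raw),
            "nat_t": [pat.translate(p)[1] for p in natt]}


if __name__ == "__main__":
    print(simulate())   # {'raw_esp': None, 'nat_t': [1024, 1025]}
```

The toy `Pat` returns `None` for raw ESP because there is no port field to rewrite; that is the gap an IOS release with IPSec pass-through closes by tracking flows on the SPI instead, and it is exactly what NAT-T sidesteps by wrapping ESP in UDP 4500 so each client gets its own translated port.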