Can an ASA initiate a L2L VPN over NAT-T behind a router?
The VPN can be successfully established when our third party start the connection but not when we start it from our end.
Many vendors don't support this scenario, I would like to know if Cisco do.
Go to Solution.
Yes that will work. The ASA can be behind a NAT as an IPSec-originater as well as an IPSec-responder. Of course the NAT hast to be configured properly if the ASA is the responder.
-- Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
View solution in original post
Yes, that will work. If both ASAs have NAT-T enabled (which is the default) then there is no reason that it shouldn't work.
Thanks Karsten for your quick reply.
If the othe peer was another ASA with no NAT in front of it, would it be able to initiate the proposal?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: