Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1003
Views
0
Helpful
3
Replies

L2L with ASA behind router

Go to solution
luchthrash
Level 1
Level 1

‎08-09-2012 08:04 AM

Can an ASA initiate a L2L VPN over NAT-T behind a router?

The VPN can be successfully established when our third party start the connection but not when we start it from our end.

Many vendors don't support this scenario, I would like to know if Cisco do.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎08-09-2012 09:30 AM

Yes that will work. The ASA can be behind a NAT as an IPSec-originater as well as an IPSec-responder. Of course the NAT hast to be configured properly if the ASA is the responder.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

View solution in original post

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to luchthrash

‎08-10-2012 04:09 AM

Yes, that will work. If both ASAs have NAT-T enabled (which is the default) then there is no reason that it shouldn't work.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Karsten Iwen
VIP
VIP

‎08-09-2012 09:30 AM

Yes that will work. The ASA can be behind a NAT as an IPSec-originater as well as an IPSec-responder. Of course the NAT hast to be configured properly if the ASA is the responder.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful

Go to solution
luchthrash
Level 1
Level 1
In response to Karsten Iwen

‎08-10-2012 02:49 AM

Thanks Karsten for your quick reply.

If the othe peer was another ASA with no NAT in front of it, would it be able to initiate the proposal?

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP
In response to luchthrash

‎08-10-2012 04:09 AM

Yes, that will work. If both ASAs have NAT-T enabled (which is the default) then there is no reason that it shouldn't work.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful
Customers Also Viewed These Support Documents