Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
723
Views
0
Helpful
2
Replies

LAN to LAN VPN problum because of NAT-T

mustafa.mail
Level 1
Level 1

‎06-11-2005 09:41 PM

I am using VPN Concentrator 3030, with image 4.1.7.D. I configured remote access & LAN-to-LAN VPN on this concentrator. Now because of my remote access users have a problem to access VPN through NAT/PAT, I enable a NAT-T. (In Configuration | Tunneling and Security | IPSec | NAT Transparency). I open a UDP port 4500 on my firewall because My concentrator is behind the Firewall. Now my all the Remote access clients are working fine through NAT-T.

Also I have a some running LAN-to-LAN van connection, which is terminating on different peer devices (Router, Concentrator).. Now I didn't enable a NAT-T on any of the LAN-to-LAN Connection. But still my LAN-to-LAN connection is first trying to check the NAT devices. Why my LAN-to-LAN connection is first checking for NAT-T even I didn't enable NAT-T on LAN-to-LAN connection? Now beacuse of NAT-T, my LAN-to-LAN Connection is not able to established because NAT-T detect local device is behind the NAT. How can I resolve this problum? After disabling NAT-T my LAn-to-LAn VPN is working fine.

Thanks,

Mustafa

Labels:
0 Helpful
2 Replies 2

ehirsel
Level 6
Level 6

‎06-12-2005 07:03 AM

On the 3030 go to Configuration | Tunneling and Security | IPSec LAN-to-LAN | Add or Modify Screen and insure that the NAT-T option is not checked for all your lan-to-lan connections.

Let me know what you find.

0 Helpful

mustafa.mail
Level 1
Level 1
In response to ehirsel

‎06-12-2005 10:01 PM

Hi,

Yes, In LAN to LAN configuration, NAT-T option is not checked.

Regards,

Mustafa

0 Helpful
Customers Also Viewed These Support Documents