02-12-2009 05:44 PM
I have an ASA that currently has about 100 IPSEC tunnels coming into it. NAT-T is not enabled on the ASA. We have a new customer coming on that is asking for us to enable NAT-T as apparently they have a NAT device on their side in between. My question is, if I enable it on our ASA, what does it do to all the tunnels that don't require it? Is there a way to only run it on this one new tunnel?
02-13-2009 03:44 AM
NAT-T is negotiated at Phase 1 IKE. If you have tunnels that do not require it, they will not use it.
HTH
02-13-2009 08:25 AM
Thanks. Does anyone know if it's possible to enable it for just the one tunnel, or does it only get enabled "globally"?
02-13-2009 08:28 AM
It's a global command - so no, you cannot enable it on a per-tunnel basis.
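The Phase 1 negotiation mentioned in the replies above, as an added illustration that is not part of the original thread: a Python model of the RFC 3947 NAT-D check, showing why a peer with no NAT in the path keeps using native ESP even when NAT-T is enabled globally. Function names are hypothetical, the cookies and addresses are constructed sample values, and SHA-1 is assumed as the negotiated IKE hash.

```python
import hashlib
import ipaddress
import struct

NATIVE_ESP = "ESP (IP protocol 50)"
UDP_ENCAP = "ESP in UDP/4500"

def nat_d_hash(cky_i, cky_r, ip, port, hash_name="sha1"):
    """RFC 3947 NAT-D value: HASH(CKY-I | CKY-R | IP | Port)."""
    data = cky_i + cky_r + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.new(hash_name, data).digest()

def build_nat_d(cky_i, cky_r, src, dst):
    """Sender side: the first payload covers the remote (destination) end,
    the second the local (source) end, as the sender sees them."""
    return nat_d_hash(cky_i, cky_r, *dst), nat_d_hash(cky_i, cky_r, *src)

def nat_in_path(payloads, cky_i, cky_r, seen_src, seen_dst):
    """Receiver side: recompute both hashes from the addresses and ports on
    the packet as it arrived; any mismatch means a NAT rewrote it in transit."""
    sent_dst, sent_src = payloads
    return (sent_src != nat_d_hash(cky_i, cky_r, *seen_src)
            or sent_dst != nat_d_hash(cky_i, cky_r, *seen_dst))

def negotiated_transport(both_sent_vendor_id, payloads, cky_i, cky_r, seen_src, seen_dst):
    """NAT-T is used only if both peers advertised it AND a NAT was detected."""
    if not both_sent_vendor_id:
        return NATIVE_ESP
    if nat_in_path(payloads, cky_i, cky_r, seen_src, seen_dst):
        return UDP_ENCAP
    return NATIVE_ESP

# Constructed sample values (documentation address ranges, made-up cookies).
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("1112131415161718")
ASA = ("203.0.113.1", 500)

def existing_peer():
    """Peer with a public address and no NAT in between."""
    peer = ("198.51.100.10", 500)
    sent = build_nat_d(CKY_I, CKY_R, peer, ASA)
    return negotiated_transport(True, sent, CKY_I, CKY_R, peer, ASA)

def new_customer_peer():
    """Peer on a private address; its NAT device rewrites source IP and port."""
    sent = build_nat_d(CKY_I, CKY_R, ("10.1.1.5", 500), ASA)
    return negotiated_transport(True, sent, CKY_I, CKY_R, ("198.51.100.77", 1024), ASA)

if __name__ == "__main__":
    print("existing tunnel:", existing_peer())
    print("new customer:   ", new_customer_peer())
```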