Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
611
Views
0
Helpful
2
Replies

Site-to-site VPN using UDP?

Go to solution
nunojpg00
Level 1
Level 1

‎03-14-2010 08:07 AM

Is possible to create a site-to-site VPN when one end is behind a ISP NAT'ed internet connection using a cisco router?

Specifically IPSEC can use UDP? So far I only managed to do this using OpenVPN.

Regards

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎03-14-2010 09:38 AM

Hi,

The site-to-site VPN can be established if you're doing NAT.

ISAKMP is established using UDP port 500 and then the encrypted traffic is encapsulated using ESP.

If it's NAT is not a problem.

If you're using PAT, ESP causes problems because ESP has no layer 4 information and therefore cannot be PATed.

If this is the situation, just use NAT-T so that ESP traffic will be encapsulated in UDP port 4500.

This should work with no problems.

Federico.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎03-14-2010 09:38 AM

Hi,

The site-to-site VPN can be established if you're doing NAT.

ISAKMP is established using UDP port 500 and then the encrypted traffic is encapsulated using ESP.

If it's NAT is not a problem.

If you're using PAT, ESP causes problems because ESP has no layer 4 information and therefore cannot be PATed.

If this is the situation, just use NAT-T so that ESP traffic will be encapsulated in UDP port 4500.

This should work with no problems.

Federico.

0 Helpful

Go to solution
nunojpg00
Level 1
Level 1
In response to Federico Coto Fajardo

‎03-15-2010 05:03 PM

PAT, sorry. But you explained for all cases. Wonderfull.

Thank you!

0 Helpful
Customers Also Viewed These Support Documents