Solved: Site-to-site VPN using UDP?

nunojpg00 · ‎03-14-2010

Is possible to create a site-to-site VPN when one end is behind a ISP NAT'ed internet connection using a cisco router?

Specifically IPSEC can use UDP? So far I only managed to do this using OpenVPN.

Regards

Federico Coto Fajardo · ‎03-14-2010

Hi,

The site-to-site VPN can be established if you're doing NAT.

ISAKMP is established using UDP port 500 and then the encrypted traffic is encapsulated using ESP.

If it's NAT is not a problem.

If you're using PAT, ESP causes problems because ESP has no layer 4 information and therefore cannot be PATed.

If this is the situation, just use NAT-T so that ESP traffic will be encapsulated in UDP port 4500.

This should work with no problems.

Federico.

Federico Coto Fajardo · ‎03-14-2010

Hi,