
VPN Tunnel not building with NAT-T all the time.

jason2g6114
Level 1

I have my HQ site that has a Cisco ASA 5508, and it is terminating my VPN from my remote sites. The remote sites have Meraki firewalls in place. When the site has a circuit issue with the provider and it comes back up, it will build the tunnel with no issues, but no traffic can traverse the tunnel. We have to manually log out the tunnel on the ASA and let it rebuild again until it shows IKEv1:IPsecOverNatT. Only then will it pass traffic. Is there a way to force the tunnel to always enable NAT-T no matter what to prevent this issue?

1 Reply

pjain2
Cisco Employee

Hi Jason,

Is the ASA behind the NAT device, or the Meraki?

During the time of the issue, do you see the tunnel building on UDP 500 rather than 4500? That could be the reason for the traffic not passing through.

If it is building on UDP 500, can you check who is the initiator in this case?