What config command implements NAT-T so port 4500 is used?

Hello.

I'm troubleshooting an ASA 5525 to CSR1000V failed tunnel turn-on. I notice that port 500 is being used, which means that NAT-T is not being used. 

What are the commands inside the VPN configuration that enable NAT-T so that it will use UDP port 4500?

Thank you.

2 Replies

@jmaxwellUSAF you still need to use udp/500, NAT-T is used to encapsulate ESP into udp/4500 - even then the initial communication uses udp/500.

Provide your configuration so we can troubleshoot the reason why it doesn't work.

NAT-T is enabled by default.

You can disable it.

When does IPsec use 500 and when does it use 4500? It uses 4500 only if one peer detects that the other is behind NAT; if not, both will use 500.
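
The NAT detection step the replies describe, sketched as an added example (not part of the original thread, and not Cisco code): each peer hashes the addresses it believes it is using, and the receiver recomputes the hash from the header that actually arrived. It assumes IKEv2 and the NAT_DETECTION notify format from RFC 7296 section 2.23; the SPI and addresses are constructed sample values.

```python
import hashlib
import ipaddress
import struct

IKE_PORT, NAT_T_PORT = 500, 4500

def nat_detection_hash(spi_i, spi_r, ip, port):
    """SHA-1(SPIi | SPIr | IP | Port), the NAT_DETECTION_* notify data in RFC 7296 s2.23."""
    packed_ip = ipaddress.ip_address(ip).packed
    return hashlib.sha1(spi_i + spi_r + packed_ip + struct.pack("!H", port)).digest()

def build_notifies(spi_i, spi_r, src, dst):
    """Sender side: hash the addresses it believes it is sending from and to."""
    return {"source": nat_detection_hash(spi_i, spi_r, *src),
            "destination": nat_detection_hash(spi_i, spi_r, *dst)}

def evaluate(notifies, spi_i, spi_r, seen_src, seen_dst):
    """Receiver side: recompute from the IP/UDP header that actually arrived."""
    sender_nat = notifies["source"] != nat_detection_hash(spi_i, spi_r, *seen_src)
    receiver_nat = notifies["destination"] != nat_detection_hash(spi_i, spi_r, *seen_dst)
    return {"sender_behind_nat": sender_nat,
            "receiver_behind_nat": receiver_nat,
            "port": NAT_T_PORT if (sender_nat or receiver_nat) else IKE_PORT}

# Constructed sample values (documentation and private address ranges, made-up SPI).
SPI_I = bytes.fromhex("1122334455667788")
SPI_R = bytes(8)  # responder SPI is zero in the first IKE_SA_INIT request
RESPONDER = ("203.0.113.20", 500)

def no_nat_case():
    src = ("198.51.100.10", 500)
    n = build_notifies(SPI_I, SPI_R, src, RESPONDER)
    return evaluate(n, SPI_I, SPI_R, src, RESPONDER)

def initiator_behind_nat_case():
    inside = ("10.0.0.5", 500)            # what the initiator hashed
    translated = ("198.51.100.10", 1024)  # what the responder sees after PAT
    n = build_notifies(SPI_I, SPI_R, inside, RESPONDER)
    return evaluate(n, SPI_I, SPI_R, translated, RESPONDER)

if __name__ == "__main__":
    print("no NAT:", no_nat_case())
    print("initiator behind NAT:", initiator_behind_nat_case())
```

Seeing only udp/500 in a capture therefore matches the first case: the hashes agreed, so neither peer detected a NAT device on the path.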