Note: Some of the commands in these sections have been brought down to a second line due to spatial considerations.

NAT-Traversal or NAT-T allows VPN traffic to pass through NAT or PAT devices, such as a Linksys SOHO router. If NAT-T is not enabled, VPN Client users often appear to connect to the PIX or ASA without a problem, but they are unable to access the internal network behind the security appliance.

If you do not enable NAT-T in the NAT/PAT device, you can receive the `regular translation creation failed for protocol 50 src inside:10.0.1.26 dst outside:10.9.69.4` error message in the PIX/ASA. Similarly, if you are unable to do simultaneous login from the same IP address, the `Secure VPN connection terminated locally by client. Reason 412: The remote peer is no longer responding.` error message appears. Enable NAT-T in the head end VPN device in order to resolve this error.

Note: With Cisco IOS Software Release 12.2(13)T and later, NAT-T is enabled by default in Cisco IOS.

Here is the command to enable NAT-T on a Cisco Security Appliance.

PIX/ASA 7.1 and earlier

```
pix(config)# isakmp nat-traversal 20
```

PIX/ASA 7.2(1) and later

```
securityappliance(config)# crypto isakmp nat-traversal 20
```

The 20 in this example is the keepalive time (default).

The clients need to be modified as well in order for it to work. In Cisco VPN Client, go to Connection Entries and click Modify. A new window opens, where you have to choose the Transport tab. Under this tab, choose Enable Transparent Tunneling and the IPSec over UDP ( NAT / PAT ) radio button.

Note: This command is the same for both PIX 6.x and PIX/ASA 7.x.

Note: It is important to allow UDP 4500 for NAT-T, UDP 500 and ESP by the configuration of an ACL, because the PIX/ASA acts as a NAT device.
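A troubleshooting check for the symptoms described above, added here as an example and not taken from the original page or from Cisco: it reports whether a saved configuration contains either NAT-T command form and counts the protocol 50 (ESP) translation failures per source/destination pair in a log. The function names, the sample configuration and the log line prefixes are constructed for illustration, and it assumes the configuration text shows the command as it was typed.

```python
import re
from collections import Counter

# The PIX/ASA message quoted on this page; protocol 50 is ESP.
ESP_FAIL = re.compile(
    r"regular translation creation failed for protocol 50 "
    r"src \S+?:(?P<src>\d+\.\d+\.\d+\.\d+) "
    r"dst \S+?:(?P<dst>\d+\.\d+\.\d+\.\d+)"
)
# Both command forms from the page: "isakmp nat-traversal 20" (7.1 and
# earlier) and "crypto isakmp nat-traversal 20" (7.2(1) and later).
NAT_T_CMD = re.compile(r"^(?:crypto )?isakmp nat-traversal(?: (\d+))?$")


def nat_t_keepalive(running_config):
    """Return the NAT-T keepalive in seconds, or None if no NAT-T line exists."""
    for line in running_config.splitlines():
        m = NAT_T_CMD.match(line.strip())
        if m:
            return int(m.group(1) or 20)  # the page gives 20 as the default
    return None


def esp_translation_failures(log_lines):
    """Count ESP translation failures per (source, destination) pair."""
    hits = Counter()
    for line in log_lines:
        m = ESP_FAIL.search(line)
        if m:
            hits[(m["src"], m["dst"])] += 1
    return hits


def diagnose(running_config, log_lines):
    """Combine both checks into one finding for the head end device."""
    keepalive = nat_t_keepalive(running_config)
    failures = esp_translation_failures(log_lines)
    return {
        "nat_t_configured": keepalive is not None,
        "keepalive": keepalive,
        "esp_failures": dict(failures),
    }


# Constructed sample input (addresses reuse the ones in the page's message).
SAMPLE_CONFIG = "hostname pix\nisakmp enable outside\n"
SAMPLE_LOG = [
    "Jan 01 00:00:01 fw regular translation creation failed for protocol 50 "
    "src inside:10.0.1.26 dst outside:10.9.69.4",
    "Jan 01 00:00:02 fw Built outbound UDP connection",
    "Jan 01 00:00:09 fw regular translation creation failed for protocol 50 "
    "src inside:10.0.1.26 dst outside:10.9.69.4",
]

if __name__ == "__main__":
    print(diagnose(SAMPLE_CONFIG, SAMPLE_LOG))
```

A result with `nat_t_configured` false and a non-empty `esp_failures` map matches the failure described above: clients connect but cannot pass ESP through the NAT/PAT device.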