site to site IPSEC Tunnel question problem with NAT T
I have a Cisco 7204, the other side is a Cisco 3000 concentrator.
He is NAT'ing the inside addresses for me to a different range and
doing static NAT.
In the config, he's turned off NAT T, but I am still seeing it trying
to construct this when I do a debug while trying to bring up the
I have over 600 static tunnels with other customers and the majority of
them have 3000's but I have not seen this before.
I'm not really sure what he needs to turn off here.
Here's what he said to me:
"Mike, we have NAT-T off, but since it is available as a global setting
for UDP streams it is testing for a condition to enable it. On a
VPN3000 concentrator it does that if you make it available, and it
tests on port 4500UDP for conditions to accept that. Somehow it is
being accepted and then dropped.
"Can you ignore the request instead of asking it?"
|All times are GMT. The time now is 05:42 AM.|
Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.