site to site IPSEC Tunnel question problem with NAT T

Discussion in 'Cisco' started by michaelav@cox.net, Nov 2, 2006.

  1. Guest

    I have a Cisco 7204, the other side is a Cisco 3000 concentrator.
    He is NAT'ing the inside addresses for me to a different range and
    doing static NAT.
    In the config, he's turned off NAT T, but I am still seeing it trying
    to construct this when I do a debug while trying to bring up the
    tunnel.
    I have over 600 static tunnels with other customers and the majority of
    them have 3000's but I have not seen this before.
    I'm not really sure what he needs to turn off here.
    Here's what he said to me:

    "Mike, we have NAT-T off, but since it is available as a global setting
    for UDP streams it is testing for a condition to enable it. On a
    VPN3000 concentrator it does that if you make it available, and it
    tests on port 4500UDP for conditions to accept that. Somehow it is
    being accepted and then dropped.

    "Can you ignore the request instead of asking it?"
     
    , Nov 2, 2006
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. John Ireland
    Replies:
    1
    Views:
    1,132
    Claude LeFort
    Nov 11, 2003
  2. a.nonny mouse
    Replies:
    2
    Views:
    1,183
  3. AM
    Replies:
    7
    Views:
    4,531
    kh_alex81
    Jul 19, 2007
  4. Trouble
    Replies:
    0
    Views:
    780
    Trouble
    Aug 4, 2006
  5. Trouble
    Replies:
    1
    Views:
    591
Loading...

Share This Page