How to check if NAT-T is enabled on a Cisco ASA.

Follow

 

There are 2 places on a Cisco ASA where NAT-T needs to be turned on.

The ASA has to be "allowed" to use NAT-T (first setting), then it needs to be enabled for a specific site-to-site connection.

Here is a table showing the results of the combined settings:

nat-table-vns3.png

FIRST - NAT-T must be enabled in IKE Parameters in order for any connection to have NAT-T working 

cisco1.png

NEXT - EnableNAT-T  on the individual crypto map for the IPSec connection.

 cisco2.png

NOTE: This work was done in the Cohesive Networks test environment and should still be reviewed by your organization’s networking staff, and appropriate change control mechanisms used to deploy changes.

Have more questions? Submit a request

Comments