Enabling NAT-T on a Virtual Router

You can use the ipsec option nat-t command to enable NAT-T on a virtual router. With NAT-T enabled, IPsec traffic flows transparently through a NAT device, thereby allowing one or more remote hosts located behind the NAT device to use secure L2TP/IPsec tunnel connections to access the router.

The ipsec option nat-t command affects only those IKE SAs negotiated on this virtual router after the command is issued; it has no effect on previously negotiated IKE SAs.

You can use the no ipsec option nat-t command to disable NAT-T for the current virtual router. You can use the default ipsec option nat-t command to restore the default NAT-T setting on the enabled virtual router.

To configure NAT-T on the current virtual router:

  1. Select the name of the virtual router you want to configure.
    host1(config)#virtual-router westford host1:westford(config)#
  2. Enable NAT-T for the current virtual router.
    host1:westford(config)#ipsec option nat-t

Related Documentation