Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Enabling NAT-T on a Virtual Router

    You can use the ipsec option nat-t command to enable NAT-T on a virtual router. With NAT-T enabled, IPsec traffic flows transparently through a NAT device, thereby allowing one or more remote hosts located behind the NAT device to use secure L2TP/IPsec tunnel connections to access the router.

    The ipsec option nat-t command affects only those IKE SAs negotiated on this virtual router after the command is issued; it has no effect on previously negotiated IKE SAs.

    You can use the no ipsec option nat-t command to disable NAT-T for the current virtual router. You can use the default ipsec option nat-t command to restore the default NAT-T setting on the enabled virtual router.

    To configure NAT-T on the current virtual router:

    1. Select the name of the virtual router you want to configure.
      host1(config)#virtual-router westford host1:westford(config)#
    2. Enable NAT-T for the current virtual router.
      host1:westford(config)#ipsec option nat-t

    Published: 2014-08-12