Confusion in NAT-T commands?

What is the use of the commands below?

1. crypto ipsec nat-transparency udp-encapsulation

2. crypto ipsec nat-transparency spi-matching

3. no crypto ipsec nat-transparency udp-encapsulation

4. crypto ipsec nat-transparency aware dmvpn

  • Total 1 Answer

1) Usage - NAT Traversal is auto-detected and auto-negotiated.

Command - crypto ipsec nat-transparency udp-encapsulation is already there

2) Usage - To disable NAT-T, use this command

Command - no crypto ipsec nat-transparency udp-encapsulation

3) Usage - It will disable NAT-T and perform PAT entry identification on an SPI basis; it is used on the NAT device when we disable NAT-T on the VPN endpoint.

Command - crypto ipsec nat-transparency spi-matching

4) Usage - For the NAT-Transparency Aware enhancement to work, you must use IPsec transport mode on the transform set.

Also, even though NAT-Transparency can support two peers being translated to the same IP address, using the User Datagram Protocol ports to differentiate them, this functionality is not supported for DMVPN.

All DMVPN spokes must have a unique IP address after they have been NAT translated. They can have the same IP address before they are NAT translated.

Command - crypto ipsec nat-transparency aware
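A way to check which of the states described in the answer a router is actually in, as an added example that is not part of the original thread: the Python below reads a saved running-config and reports whether NAT-T is still on, whether SPI matching is configured, and which transform sets are not in transport mode. The function name, the sample config and the transform-set names are constructed for illustration; the "tunnel unless `mode transport` is present" rule is the IOS default and is applied here as an assumption about the saved config format.

```python
import re

# Constructed sample running-config fragment (not from the original thread).
SAMPLE_CONFIG = """\
crypto ipsec transform-set TS-DMVPN esp-aes esp-sha-hmac
 mode transport
crypto ipsec transform-set TS-LEGACY esp-aes esp-sha-hmac
!
no crypto ipsec nat-transparency udp-encapsulation
crypto ipsec nat-transparency spi-matching
"""


def audit_nat_transparency(config: str) -> dict:
    """Summarise the NAT-T related settings discussed in the answer."""
    nat_t_enabled = True   # udp-encapsulation is on unless explicitly negated
    spi_matching = False
    modes = {}             # transform-set name -> "tunnel" or "transport"
    current = None         # transform set whose sub-mode we are inside
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            current = None  # any non-indented line leaves the sub-mode
        m = re.match(r"crypto ipsec transform-set (\S+)", line)
        if m:
            current = m.group(1)
            modes[current] = "tunnel"  # assumed default when no mode line
        elif current and line.startswith("mode transport"):
            modes[current] = "transport"
        elif line == "no crypto ipsec nat-transparency udp-encapsulation":
            nat_t_enabled = False
        elif line == "crypto ipsec nat-transparency spi-matching":
            spi_matching = True
    return {
        "nat_t_enabled": nat_t_enabled,
        "spi_matching": spi_matching,
        # Sets that would not meet the transport-mode requirement for DMVPN
        "tunnel_mode_sets": sorted(n for n, v in modes.items() if v == "tunnel"),
    }


if __name__ == "__main__":
    for key, value in audit_nat_transparency(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```
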