ArathCG
Participant

NAT-T and VPN issues with a CISCO Firepower

How's it going?


I have a question that I would like to clarify.
I have a 6600 appliance which cannot establish a VPN with a CISCO Firepower. I have global NAT-T enabled in the appliance properties. On the CISCO side they use UDP encapsulation, but on the Check Point side the tunnel is established through IPSec and not NAT-T. So the behavior seems strange to me.
I changed the offer_nat_t_initiator parameter to true so that if the peer wants to switch to using NAT-T port 4500 during the negotiation, we will offer it.

But this didn't work.

Can NAT-T be forced over a specific tunnel?

0 Kudos
2 Replies
Magnus-Holmberg
Advisor

Had a lot of issues with NAT-T and most have been resolved by changing to IKE version 2.

https://www.youtube.com/c/MagnusHolmberg-NetSec
0 Kudos
ArathCG
Participant

Hi Magnus.
Thanks for the comment. I forgot to mention that I am working on IKEv2.

0 Kudos
