?
Solved

IPSec-awareness NAT Spi-Matching Scheme

Posted on 2010-11-16
2
Medium Priority
?
1,491 Views
Last Modified: 2012-05-10
How do I find out if my Router has IPSec-awareness NAT spi-matching scheme  . . . I am having issues getting a tunnel up between my Cisco 2811 and a ASA . . . logs show it is using NAT-Traversal (default) . . . but I see refernces to SPI Matching. If they are conflisting I can trouble shoot.
0
Comment
Question by:smartini67
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 5

Expert Comment

by:shubhanshu_jaiswal
ID: 34152653
Kindly post your configuration of router and asa....
0
 
LVL 28

Accepted Solution

by:
bgoering earned 2000 total points
ID: 34160278
You might take a look at http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ftsecnat.html

"SPI Matching
SPI matching is used to establish VPN connections between multiple pairs of destinations. NAT entries will immediately be placed in the translation table for endpoints matching the configured access list. This is available only for endpoints that choose SPIs according to the predictive algorithm implemented in Cisco IOS Release 12.2(15)T."

Do you multiple destinations on either the router or the firewall?
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question