Solved

IPSec-awareness NAT Spi-Matching Scheme

Posted on 2010-11-16
2
1,470 Views
Last Modified: 2012-05-10
How do I find out if my Router has IPSec-awareness NAT spi-matching scheme  . . . I am having issues getting a tunnel up between my Cisco 2811 and a ASA . . . logs show it is using NAT-Traversal (default) . . . but I see refernces to SPI Matching. If they are conflisting I can trouble shoot.
0
Comment
Question by:smartini67
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 5

Expert Comment

by:shubhanshu_jaiswal
ID: 34152653
Kindly post your configuration of router and asa....
0
 
LVL 28

Accepted Solution

by:
bgoering earned 500 total points
ID: 34160278
You might take a look at http://www.cisco.com/en/US/docs/ios/12_2t/12_2t15/feature/guide/ftsecnat.html

"SPI Matching
SPI matching is used to establish VPN connections between multiple pairs of destinations. NAT entries will immediately be placed in the translation table for endpoints matching the configured access list. This is available only for endpoints that choose SPIs according to the predictive algorithm implemented in Cisco IOS Release 12.2(15)T."

Do you multiple destinations on either the router or the firewall?
0

Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question