<div>
I took the liberty of adding the Cisco PIX/ASA and VPN zones to your question to see if we can get the attention of some additional experts.
</div>


I took the liberty of adding the Cisco PIX/ASA and VPN zones to your question to see if we can get the attention of some additional experts.

<div>
Enabling Nat-T fixed the problem the second time around; unknown what happened the first time when it didn't work. &nbsp; Thanks.
</div>


Enabling Nat-T fixed the problem the second time around; unknown what happened the first time when it didn't work.   Thanks.

<div>
<div class="content wysiwyg-content">
Is there any reason you would turn off Nat-T on an ASA?<br />
<br />
If it's on, and you don't use it, then no-harm-no-foul, right?<br />
<br />
I ask because we get much different failures when we turn on NAT-T (i.e no connection), versus when we have it turned off (then we get IPSEC, but no data flow)
</div>
</div>


Is there any reason you would turn off Nat-T on an ASA?

If it's on, and you don't use it, then no-harm-no-foul, right?

I ask because we get much different failures when we turn on NAT-T (i.e no connection), versus when we have it turned off (then we get IPSEC, but no data flow)

ASA and Nat-Traversal option

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Encryption

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Internet Protocol Security

Networking software modules are interfaced with a framework implemented on the machine's operating system that implements the networking functionality of the operating system. The best known frameworks are the TCP/IP model and the OSI model. Systems typically do not use a single protocol to handle a transmission. Instead they use a set of cooperating protocols, sometimes called a protocol family or protocol suite.[9] Some of the best known protocol suites include: IPX/SPX, X.25, AX.25, AppleTalk and TCP/IP. Other protocols indirectly related to networking include the hypertext transfer protocol (HTTP) and its related technologies, Dynamic Host Configuration Protocol (DHCP), Domain Name Server (DNS) and other Internet protocols.