Cannot Communicate Through NAT Traversal

Article ID: KB4994 KB Last Updated: 22 Jul 2014 Version: 4.0

Summary:

Users are unable to communicate through NAT Traversal (NAT-T). NAT-T must be configured correctly to function properly. This article lists the correct configuration settings.

This article applies to ScreenOS 4.0 and later.

Symptoms:

Symptoms experienced by users:

  • NAT device is in front of NetScreen
  • NetScreen behind NAT device sees phase 2 completing
  • Cannot communicate through NAT traversal
  • Cannot ping through VPN tunnel with NAT traversal

Cause:

Solution:


NAT Traversal (NAT-T) must be configured correctly in order for it to function properly. If problems are experienced while operating in this mode, confirm the following settings:

  • On the NetScreen device that is not behind a NAT device, the IKE Gateway Type should be Dynamic IP. Also, the Peer ID must be the Local ID of the remote NetScreen device.
  • The VPN should be initiated with traffic from the NetScreen behind the NAT device.
  • When using preshared secrets, both gateways must be configured for aggressive mode. Main Mode can only be used with certificates.
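
The following Python check is an added example, not part of the Juniper article: it compares the two gateways' saved configuration against the first and third settings above (the second, which side initiates traffic, cannot be read from configuration). The `set ike gateway` line layout, the gateway names, IDs and addresses are constructed assumptions.

```python
import shlex

# Constructed sample configs, not from the article. The "set ike gateway"
# line layout (dynamic/address, Main/Aggr, local-id, preshare) is assumed.
PUBLIC_SIDE = '''
set ike gateway "to-branch" dynamic "branch.example.net" Aggr outgoing-interface "ethernet3" preshare "REDACTED" proposal "pre-g2-3des-sha"
'''
BEHIND_NAT = '''
set ike gateway "to-hq" address 203.0.113.10 Main local-id "branch.example.net" outgoing-interface "ethernet1" preshare "REDACTED" proposal "pre-g2-3des-sha"
'''

def parse_gateway(config):
    """Extract the IKE gateway fields the checklist depends on."""
    gw = {"peer_id": None, "local_id": None, "preshare": False, "mode": None}
    for line in config.splitlines():
        tok = shlex.split(line)
        if tok[:3] != ["set", "ike", "gateway"] or len(tok) < 5:
            continue
        args = tok[4:]                      # everything after the gateway name
        low = [a.lower() for a in args]
        if low[0] == "dynamic" and len(args) > 1:
            gw["peer_id"] = args[1]         # Dynamic IP gateway: next token is the peer ID
        if "local-id" in low[:-1]:
            gw["local_id"] = args[low.index("local-id") + 1]
        if "preshare" in low:
            gw["preshare"] = True
        if "main" in low:
            gw["mode"] = "main"
        elif "aggr" in low or "aggressive" in low:
            gw["mode"] = "aggressive"
    return gw

def check_nat_t(public_cfg, natted_cfg):
    """Return the checklist items violated by the two gateway configs."""
    pub, nat = parse_gateway(public_cfg), parse_gateway(natted_cfg)
    problems = []
    if pub["peer_id"] is None:
        problems.append("public-side IKE gateway type is not Dynamic IP")
    elif pub["peer_id"] != nat["local_id"]:
        problems.append("Peer ID does not match the remote Local ID")
    for side, gw in (("public-side", pub), ("behind-NAT", nat)):
        if gw["preshare"] and gw["mode"] != "aggressive":
            problems.append(side + " gateway uses a preshared key without aggressive mode")
    return problems

if __name__ == "__main__":
    for p in check_nat_t(PUBLIC_SIDE, BEHIND_NAT):
        print("FAIL:", p)
```

With the constructed samples, the check flags the behind-NAT gateway, which pairs a preshared key with Main mode.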

For more information on configuring a LAN-to-LAN VPN using NAT Traversal, go to Configuring Your NetScreen Devices for a Route Based LAN to LAN VPN Using NAT Traversal.


