I have a Cisco 7204, the other side is a Cisco 3000 concentrator. He is NAT'ing the inside addresses for me to a different range and doing static NAT. In the config, he's turned off NAT T, but I am still seeing it trying to construct this when I do a debug while trying to bring up the tunnel. I have over 600 static tunnels with other customers and the majority of them have 3000's but I have not seen this before. I'm not really sure what he needs to turn off here. Here's what he said to me:
"Mike, we have NAT-T off, but since it is available as a global setting for UDP streams it is testing for a condition to enable it. On a VPN3000 concentrator it does that if you make it available, and it tests on port 4500UDP for conditions to accept that. Somehow it is being accepted and then dropped.
"Can you ignore the request instead of asking it?"