WebVPN NAT-T

Upon reading Release Notes for Cisco VPN 3000 Series Concentrator, Release 4.7; Cisco SSL VPN Client, Release 1.0, I bumped into this sentence:

"When using WebVPN with NAT-T, do not set the NAT-T port to 443. We recommend using port 80 for NAT-T, as firewalls should allow this."

WebVPN with NAT-T?!?! WebVPN is SSL based. It doesn't touch layer 3. Why would I need a NAT transparency feature? Plus, NAT-T uses a fixed port (UDP 4500), you can't change it under Cisco IOS or PIX Finesse or VPN Concentrator OS...

I just can't figure out what Cisco means by that sentence!! Can someone shed some light on this?

Deeply appreciated!

Aless Pereira ARP Labs


To my knowledge, you can run WebVPN in several scenarios. One being the SSL, the other being you have an SSL-VPN client that you need to install first. This is in fact a VPN client, hence NAT Traversal should be in place.

HTH
Martin Bilgrav


Yes, there're actually 3 options on a WebVPN solution:

- Clientless, mainly for web browsing and file sharing at the most;

- Thin Client, where you get an applet downloaded to your box and the ability to forward arbitrary network connections over the encrypted SSL connection over port 443;

- Tunnel Mode, aka SVC "SSL VPN Client", where you also download this app and get full tunnel capability, much like IPSEC.

I have access to equipment capable of handling the first two, so I know how they work in detail. The BIG question is the Tunnel Mode. Still being an SSL tunnel and not an IPSEC one, I wonder if everything gets tunneled over port TCP 443 or if it requires other ports to happen.

Has anybody tested or used SVC out there?

Aless Pereira ARP Labs
