I'm trying to set up an IPSec VPN connection between a Cisco ASA and a Mikrotik router (which is behind a Fritzbox in DMZ mode). I think everything is set up correctly except that NAT-T is missing on the Cisco.
On a Mikrotik you can enable NAT-T per peer, but on the Cisco it's global. Does enabling NAT-T there break other active tunnels? Or is it just a detection mechanism if IPSec needs to traverse NAT / DMZ devices?
Best Answer
NAT Traversal performs two tasks:
If NAT-T is enabled and the client is behind NAT, then NAT-T is used
If no NAT exists, then native IPsec (ESP) is used
So it's not gonna affect your current tunnels.
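
The decision described in the answer can be seen in the IKEv1 NAT-D comparison from RFC 3947. The sketch below is an added example, not part of the original answer and not Cisco or Mikrotik code; the cookies and addresses are constructed, and SHA-1 is assumed as the negotiated hash.

```python
import hashlib
import ipaddress
import struct

NATIVE_ESP = "native ESP (IP protocol 50)"
UDP_ENCAP = "ESP encapsulated in UDP/4500"

def nat_d_hash(cky_i, cky_r, ip, port, hash_name="sha1"):
    """RFC 3947 section 3.2: HASH(CKY-I | CKY-R | IP | Port)."""
    data = cky_i + cky_r + ipaddress.ip_address(ip).packed + struct.pack("!H", port)
    return hashlib.new(hash_name, data).digest()

def sender_nat_d(cky_i, cky_r, local, remote):
    """NAT-D payloads as the sender builds them: remote end first, then local end."""
    return [nat_d_hash(cky_i, cky_r, *remote), nat_d_hash(cky_i, cky_r, *local)]

def choose_transport(both_support_natt, cky_i, cky_r, nat_d, seen_src, seen_dst):
    """Receiver's per-peer decision, based on the addresses it actually observed."""
    if not both_support_natt:
        return NATIVE_ESP          # no NAT-T vendor ID exchanged: plain IPsec
    dst_ok = nat_d[0] == nat_d_hash(cky_i, cky_r, *seen_dst)
    src_ok = nat_d_hash(cky_i, cky_r, *seen_src) in nat_d[1:]
    # A mismatch means an address or port was rewritten somewhere on the path.
    return NATIVE_ESP if (dst_ok and src_ok) else UDP_ENCAP

# Constructed sample values (documentation address ranges, made-up cookies).
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("1112131415161718")
ASA = ("203.0.113.10", 500)
NATTED_PEER_PRIVATE = ("192.168.178.2", 500)   # router behind the home gateway
NATTED_PEER_PUBLIC = ("198.51.100.7", 500)     # what the ASA sees as the source
DIRECT_PEER = ("192.0.2.20", 500)              # existing tunnel with no NAT in the path

def demo():
    natted = sender_nat_d(CKY_I, CKY_R, NATTED_PEER_PRIVATE, ASA)
    direct = sender_nat_d(CKY_I, CKY_R, DIRECT_PEER, ASA)
    return {
        "peer behind NAT": choose_transport(True, CKY_I, CKY_R, natted, NATTED_PEER_PUBLIC, ASA),
        "peer without NAT": choose_transport(True, CKY_I, CKY_R, direct, DIRECT_PEER, ASA),
        "peer without NAT-T support": choose_transport(False, CKY_I, CKY_R, [], DIRECT_PEER, ASA),
    }

if __name__ == "__main__":
    for peer, transport in demo().items():
        print(f"{peer}: {transport}")
```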