SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  NAT Traversal configuration

    Posted 03-13-2015 12:36

    When I build a site-to-site VPN with our partner's public IP and run show security ipsec sa, I find that the port is 4500. Do I need NAT traversal for it? And how should I configure NAT traversal on a Juniper 1400?



  • 2.  RE: NAT Traversal configuration

     
    Posted 03-13-2015 12:48

    Can you explain a bit more about your setup and what you want to accomplish? Also, a paste of your config would be nice

    to clear your question up a bit

     

     



  • 3.  RE: NAT Traversal configuration

    Posted 03-13-2015 13:26

    Well, I have built a site-to-site VPN with a partner. The VPN is up and all the routes and policies are correct, but the service going through the VPN is not working. His VPN device is behind a NAT device. I wonder if it is a NAT issue. Do I need to configure NAT traversal on the SRX? If the answer is yes, how do I configure NAT traversal on the SRX?

     



  • 4.  RE: NAT Traversal configuration

     
    Posted 03-14-2015 02:06

    Can you attach your config? Also, can you paste:

     show security ike security-associations detail
     show security ipsec security-associations detail

     

    Are you able to also show us the setup on the other side of the VPN?

     



  • 5.  RE: NAT Traversal configuration

    Posted 03-14-2015 17:35

    If the other side is behind a NAT then you will need to configure NAT-T. See the outline in Understanding NAT-T, with links to the configuration instructions, which you will select based on the scenario for your setup.

     

    http://www.juniper.net/techpubs/en_US/junos12.1/topics/concept/ipsec-nat-traversal-understanding.html



  • 6.  RE: NAT Traversal configuration
    Best Answer

    Posted 03-15-2015 23:14

    Hi caulfiedd@live.cn ,

     

    By default, NAT traversal is enabled on the SRX.

     

    So during messages 3 and 4, NATT payloads are exchanged between the 2 peers.

     

    NAT Traversal (NATT) has to be enabled on both peers so that ESP packets can be encapsulated within a UDP header to pass through the NAT device.

     

    Regards,
    rparthi

     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too
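
The NAT detection and UDP encapsulation described in the answer above can be sketched as follows. This is an added example, not part of the thread and not Junos code: it follows the NAT-D hash from RFC 3947 and the UDP 4500 demultiplexing from RFC 3948. The function names, addresses and cookies are constructed for illustration, and SHA-1 is assumed as the negotiated IKE hash.

```python
import hashlib
import ipaddress
import struct

def nat_d_hash(cky_i, cky_r, ip, port, algo="sha1"):
    """RFC 3947 NAT-D payload body: HASH(CKY-I | CKY-R | IP | Port)."""
    if len(cky_i) != 8 or len(cky_r) != 8:
        raise ValueError("IKEv1 cookies are 8 bytes each")
    addr = ipaddress.ip_address(ip).packed  # 4 bytes for IPv4, 16 for IPv6
    return hashlib.new(algo, cky_i + cky_r + addr + struct.pack("!H", port)).digest()

def detect_nat(cky_i, cky_r, received_nat_d, seen_src, seen_dst, algo="sha1"):
    """Receiver-side check of the NAT-D payloads from message 3 or 4.

    received_nat_d[0] covers the address the sender was sending to (us);
    the remaining entries cover the sender's own candidate addresses.
    seen_src / seen_dst are the (ip, port) pairs from the packet as it arrived.
    """
    to_us, *from_peer = received_nat_d
    local_natted = to_us != nat_d_hash(cky_i, cky_r, *seen_dst, algo)
    peer_natted = nat_d_hash(cky_i, cky_r, *seen_src, algo) not in from_peer
    return {"local_behind_nat": local_natted,
            "peer_behind_nat": peer_natted,
            "float_to_udp_4500": local_natted or peer_natted}

def classify_udp4500(payload):
    """RFC 3948 demultiplexing of a datagram received on UDP 4500."""
    if payload == b"\xff":
        return "nat-keepalive"          # single 0xFF byte keeps the NAT mapping alive
    if len(payload) > 4 and payload[:4] == b"\x00\x00\x00\x00":
        return "ike"                    # non-ESP marker precedes the IKE header
    if len(payload) > 4:
        return "esp"                    # first 4 bytes are a non-zero SPI
    return "invalid"

def demo():
    # Constructed values: documentation/private addresses and made-up cookies.
    cky_i, cky_r = bytes(range(8)), bytes(range(8, 16))
    srx, partner_private = ("198.51.100.1", 500), ("192.168.10.2", 500)
    partner_as_seen = ("203.0.113.7", 1024)   # source after the partner's NAT device
    # What the partner puts in its NAT-D payloads before the NAT rewrites the packet.
    sent = [nat_d_hash(cky_i, cky_r, *srx), nat_d_hash(cky_i, cky_r, *partner_private)]
    return detect_nat(cky_i, cky_r, sent, partner_as_seen, srx)

if __name__ == "__main__":
    print(demo())
```

When either side is found to be behind NAT, both peers move IKE and ESP to UDP 4500, which is why the security association in the original question shows port 4500.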