Table of Contents
Advertisement
3Com Router 3000 Ethernet Family
Configuration Guide
VII. Configuring NAT traversal
The NAT traversal function must be configured so long as there is a NAT IPSec device
on the VPN tunnel constructed using IPSec/IKE.
Perform the following configuration in IKE-peer view.
Table 8-14 Configure the NAT traversal function of IPSec/IKE
Enable the NAT traversal function of IPSec/IKE
Disable the NAT traversal function of IPSec/IKE
To save IP address space, ISPs often deploy NAT gateways on public networks so that
private IP addresses can be allocated to users. The likelihood thus exists that at one
end of an IPSec/IKE tunnel is a public address and at the other end is a private one. To
set up the tunnel in this case, you must configure NAT traversal at both private network
side and public network side.
Note:
At present, NAT traversal is available in IKE aggressive mode but not in main mode.
VIII. Configuring the NAT keepalive interval for IKE peers
Perform the following configuration in system view.
Table 8-15 Configure the NAT keepalive interval for IKE peers
Configure the NAT keepalive interval for
IKE peers
Disable NAT keepalive for IKE peers
By default, NAT keepalive of IKE peers is disabled.
You may configure IKE peers to send NAT Keepalive messages which are
encapsulated in UDP packets without being encrypted, to maintain validity of dynamic
NAT mappings between IKE peers on NAT gateways. These messages however
cannot check the state of IKE peers.
When configuring a NAT keepalive interval for IKE peers, make sure that it is less than
the translation timeout of NAT.
Operation
Operation
3Com Corporation
8-10
Chapter 8 IKE Configuration
Command
nat-traversal
undo nat-traversal
Command
ike sa nat-keepalive-timer interval
seconds
undo
ike
sa
nat-keepalive-timer
interval
Advertisement
Chapters
Table of Contents
Troubleshooting
