Avaya G430 Manual page 500

IPSec VPN
encapsulation command. NAT Traversal keepalive is also enabled by default (with a
default value of 20 seconds). Configure NAT Traversal keepalive only if you need to re-
enable it after it was disabled, using the no crypto isakmp nat keepalive
command.
Related topics:
Configuring NAT Traversal
Configuring NAT Traversal
Procedure
1. Enable NAT Traversal by entering crypto ipsec nat-transparency udp-
2. Enable NAT Traversal keepalives and configure the keepalive interval in seconds
Assigning a crypto list to an interface
About this task
A crypto list is activated on an interface. You can assign multiple crypto lists to different
interfaces on the Branch Gateway.
Procedure
1. Enter interface context using the interface command.
2. Configure the IP address of the interface.
500 Administering Avaya G430 Branch Gateway
on page 500
encapsulation.
For example:
crypto ipsec nat-tranparency udp-encapsulation
Gxxx-001#
Done!
by entering crypto isakmp nat keepalive, followed by a number from 5 to
3600.
NAT Traversal keepalives are empty UDP packets that the device sends on a
periodic basis at times of inactivity when a dynamic NAT is detected along the way.
These keepalives are intended to maintain the NAT translation alive in the NAT
device, and not let it age-out due to periods of inactivity. Set the NAT Traversal
keepalive interval on the Branch Gateway to be less than the NAT translation aging
time on the NAT device.
For example:
crypto isakmp nat keepalive 60
Gxxx-001#
Done!
For example:
Gxxx-001# interface fastethernet 10/3
Gxxx-001(config-if:FastEthernet 10/3)#
You can configure either a static or a dynamic IP address.
Comments? infodev@avaya.com
October 2013