Table of Contents
Advertisement
JunosE 11.2.x IP Services Configuration Guide
Configuring NAT-T
ipsec option nat-t
286
Use to create the destination profile that defines the location of the LAC and to access
L2TP Destination Profile Configuration mode.
If no virtual router is specified, the current virtual router context is used.
If the destination address is 0.0.0.0, then any LAC that can be reached via the specified
virtual router is allowed to access the LNS. If the destination address is nonzero, then
it must be a host-specific IP address.
The router supports up to 4,000 L2TP destination profiles.
Example
host1:boston(config)#l2tp destination profile boston ip address 10.10.76.12
host1:boston(config-l2tp-dest-profile)#
Use the no version to remove the L2TP destination profile and all of its host profiles.
NOTE: If you remove a destination profile, all tunnels and sessions using that profile
will be dropped.
See l2tp destination profile.
To configure NAT-T on the current virtual router:
Select the name of the virtual router you want to configure.
1.
host1(config)#virtual-router westford
host1:westford(config)#
Enable NAT-T for the current virtual router.
2.
host1:westford(config)#ipsec option nat-t
Use to enable NAT-T for the current virtual router.
With NAT-T enabled, IPSec traffic flows transparently through a NAT device, thereby
allowing one or more remote hosts located behind the NAT device to use secure
L2TP/IPSec tunnel connections to access the router.
The ipsec option nat-t command affects only those IKE SAs negotiated on this virtual
router after the command is issued; it has no effect on previously negotiated IKE SAs.
Example
host1:sunnyvale(config)#ipsec option nat-t
Use the no version to disable NAT-T for the current virtual router.
Use the default version to restore the default NAT-T setting on the virtual router,
enabled.
See ipsec option nat-t.
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
