Table of Contents
Advertisement
®
Efficient Networks
Router family
Command Line Interface Guide
ike ipsec policies set translate
Defines a translate filtering parameter value for the policy. The translate option
determines whether the router applies NAT (network address translation) before the
packets are encrypted by IPSec.
NOTE:
The remote must have IP address translation enabled (see
Translation (NAT)" on page 4-17.
NOTE:
The address that NAT translates to should be the source or destination address for
the policy (use the
command).
Use this option when several remote sites have the same IP subnet, making it
impossible to tunnel those sites unchanged to the corporate network.
When the router's public IP address is not the desired choice for the network address
translation, you can define a virtual Ethernet interface. A virtual Ethernet interface can
be created to translate to an arbitrary IP address (see
Again, be sure that the virtual Ethernet interface has IP address translation enabled
(eth ip
translate), and use the virtual Ethernet interface as the gateway to the other
end of the protected network. (See the example below.) You can use the
addhostmapping
the IKE tunnel can be initiated from either end.
Mgmt Class
Security (R/W)
Input Format
ike ipsec policies set translate
Parameters
on | off
<policyname>
a
ASCII string
b
To see the policy names, use the
®
Efficient Networks
Or, the
ike ipsec policies set source
command to map a range of NAT addresses to private addresses so
Sets the translate option on or off. If translate is set to on, trans-
lation is applied before encryption, and the packets are sent us-
ing the host router's public IP address.
a
Name of the IPsec policy to which the source port parameter val-
b
ue is added.
ike ipsec policies list
Chapter 12: IKE/IPsec Commands
"Network Address
remote setiptranslate
or
ike ipsec policies set dest
"IP Subnets" on page
on | off <policyname>
command.
command).
6-1.).
eth ip
Page 12-21
Advertisement
Table of Contents
