14.7
nat iketranslation
14.7.1
Syntax
nat iketranslation {cookies|ports}
14.7.2
Description
This command supports NAT IPSec traversal. It allows you to specify how
Internet Key Exchange (IKE) packets are translated.
IKE establishes a shared security policy and authenticates keys for services
that require keys, such as IPSec. Before any IPSec traffic can be passed,
each router/firewall/host must verify the identity of its peer. This can be done
by manually entering pre-shared keys into both hosts or by a CA service.
14.7.3
Options
The following table gives the range of values for each option which can be
specified with this command and a default value (if applicable).
Option
cookies
ports
14.7.4
Example
--> nat iketranslation cookies
2/1553-ZAT 759 94 Uen B – December 2005
Description
Source port will not be translated for
IKE packets; IKE cookies are used
to identify IKE sessions.
Source port will be translated for IKE
packets.
NAT CLI Commands
Default value
ports
347