Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

Remote Peer ISAKMP Protocol Policy Mode Commands

14-102 Configuring the VPN

XSR(config-isakmp-peer)#exchange-mode main

nat-traversal

ThecommandsetstheIKEandIPSecNAT(NetworkAddressTranslation)traversalmodeused

whencommunicatingwithremotepeersmatchingthepeersubnetandwildcardmasks.

TheautomaticparameterconfiguresIKEtoautomaticallydetectunroutableIPaddressesbetween

thelocalandremotegatewayandtothenswitchtoUDPencapsulationof

IPSectraffic.The

alternatevaluesforthisparameter(enabledanddisabled)unconditionallyturnUDPencapsulation

ofIPSecpacketsonoroff,respectively.

Syntax

nat-traversal {automatic | enabled | disabled}

Syntax of the “no” Form

Thenoformofthiscommandresetsthedefaultvalue:

no nat-traversal

Default

Disabled

Mode

RemotePeerISAKMPprotocolpolicyconfiguration:XSR(config-isakmp-peer)#

Example

ThefollowingexamplesetsIKENATmodetoenabled:

XSR(config-isakmp-peer)#nat-traversal enabled

proposal

ThiscommandattachesuptothreeIKEpoliciestoaremote peer.Proposalsareconfiguredwith

the

crypto isakmp proposal command.

Syntax

proposal pol1 [poll2 poll3]

automatic

IKENATmodedynamicallyrespondstodiscoveredunroutableIP

addressesbyUDP‐encapsulatingthistraffic.

enabled

IKENATmodeunconditionallyon.

disabled

IKENATmodeunconditionallyoff.

pol2 poll3

Namesofpoliciesattachedtotheremotepeer.

previous next