R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101

Item: Enable the NAT traversal function
Description:
Enable the NAT traversal function for IPsec/IKE.
The NAT traversal function must be enabled if a NAT security gateway exists in
an IPsec/IKE VPN tunnel.
In main negotiation mode, IKE does not support NAT traversal and this field is
grayed out.
In FIPS mode, the IKE negotiation must use the main mode and you must
configure NAT traversal at the CLI.
IMPORTANT:
To save IP addresses, ISPs often deploy NAT gateways on public networks to
allocate private IP addresses to users. In this case, one end of an IPsec/IKE tunnel
may have a public address while the other end may have a private address, and
NAT traversal must be configured at the private network side to set up the tunnel.
Viewing IKE SAs
Select VPN > IKE > IKE SA from the navigation tree to display brief information about established
ISAKMP SAs, as shown in Figure 89.
You can click Delete All to remove all ISAKMP SAs. When you clear
a local IPsec SA, if the corresponding ISAKMP SA is still present, the local end will send a Delete
Message to the remote end across the ISAKMP SA, notifying the remote end to delete the IPsec SA. If the
corresponding ISAKMP SA is no longer present, the local end cannot notify the remote end to clear the
IPsec SA.
Figure 89 IKE SA list
Table 9 Field description
Field                Description
Connection ID        Identifier of the ISAKMP SA.
Remote IP Address    Remote IP address of the SA.