Manualshelf

3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module
421422423424425426427428429430
IKE Configuration Commands 421
Use the undo nat traversal command to disable the NAT traversal function of
IKE/IPsec.
This command fits for the application that the NAT GW functionality is included in
the VPN tunnel constructed by IKE/IPsec.
To save IP address space, ISPs often add NAT gateways to public networks, so as to
allocate private IP addresses to users. This may lead to IPsec/IKE tunnel having both
public network address and private network address at both ends. Hence you
must enable NAT traversal at the private network end, so as to ensure normal
negotiation and establishment for the tunnel.
Example
# Enable the NAT traversal function.
[SecBlade_VPN] ike peer new_peer
[SecBlade_VPN-ike-peer-new_peer] nat traversal
peer Syntax
peer { multi-subnet | single-subnet }
undo peer
View
IKE-peer view
Parameter
multi-subnet: Sets the subnet type to multiple.
single-subnet: Sets the subnet type to single.
Description
Use the peer command to configure the subnet type in IKE negotiation.
Use the undo peer command to restore the default subnet type. You can use this
command to enable interoperability between the router and a Netscreen device.
The default is single-subnet.
Example
# Set the subnet type in IKE negotiation to multiple.
[SecBlade_VPN-ike-peer-xhy] peer multi-subnet
pre-shared-key Syntax
pre-shared-key key
undo pre-shared-key
View
IKE-peer view