Scenarios Depicting IPsec Nat-traversal
Except on the first page, right running head:
Heading1 or Heading1NewPage text (automatic)
869
Alcatel-Lucent
Beta Beta
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
SCENARIOS DEPICTING IPSEC NAT-TRAVERSAL
Figure 32: IPsec Scenario with NAT-Traversal
When both the IPsec peers Host 1 and Host 2 are behind NAT. Both peers being
NAT-T capable detect NAT during the main mode negotiation and peers switch to
port 4500.
OA5740-A
ALU(config)# show match-list
match-list m1
1 ip prefix 192.168.0.0/24 prefix 172.16.2.0/24
!
ALU(config)# interface GigabitEthernet 3/0
ALU(config-if GigabitEthernet3/0)#ip address 202.50.24.2/24
ALU(config-if GigabitEthernet3/0)#crypto-map map1
ALU(config-if GigabitEthernet3/0)#show crypto
crypto ike key secret peer 202.50.24.1
!crypto ike policy default
! proposal md5-des
! ipsec security-association lifetime seconds 28800
! lifetime seconds 86400
! pfs group2
!crypto ipsec transform-set default
! esp-md5-des esp-sha1-des
crypto map map1 ipsec-ike default
peer 202.50.24.1
match m1
transform-set default
pfs group2
! Applied to : GigabitEthernet3/0
interface GigabitEthernet3/0
crypto map map1
top
To Next Page
Loading...
Need help?
General
