EasyManua.ls Logo

Avaya G430 - Page 499

Avaya G430
696 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Configuring global parameters
Related topics:
Enabling invalid SPI recovery on page 499
NAT Traversal on page 499
Enabling invalid SPI recovery
About this task
Invalid SPI Recovery enables an IKE SA to be established when an invalid security parameter
index error occurs during packet processing. A notification of the invalid SPI error is sent to
the originating peer so that the SA databases can be re-synchronized, and successful packet
processing can be resumed.
Note:
Invalid SPI recovery is enabled by default. Configure invalid SPI recovery only if you wish
to re-enable it after it was disabled.
Procedure
1. Enable invalid SPI recovery with the crypto isakmp invalid-spi-
recovery command.
For example:
Gxxx-001# crypto isakmp invalid-spi-recovery
Done!
2. Configure NAT Traversal global parameters as described in NAT Traversal on
page 499
NAT Traversal
Network Address Translation (NAT) is a solution to the problem of the scarcity and cost of
public IP addresses. An organization with a single public IP address can use a NAT device to
connect multiple computers to the Internet sharing a single public IP address. However, NAT
causes compatibility problems for many types of network applications, including VPN.
NAT Traversal enables detecting the presence of NAT devices along the path of the VPN
tunnel. Once detected, the two peers tunnel IKE and IPSEC traffic through an agreed-upon
UDP port, allowing the NAT device to work seamlessly with VPN. The standard UDP port used
is port 4500; to find out the port number, use the show crypto ipsec sa command.
The Branch Gateway IPSec VPN feature supports NAT Traversal. If your installation includes
one or more NAT devices between the local and remote VPN peers, NAT Traversal should be
enabled, although in some rare cases it may not be required.
Note:
NAT Traversal is enabled by default. Configure NAT Traversal only if you need to re-enable
it after it was disabled, using the no crypto ipsec nat-transparency udp-
IPSec VPN
Administering Avaya G430 Branch Gateway October 2013 499

Table of Contents

Other manuals for Avaya G430

Preview: Installation And Upgrades
Installation And Upgrades155 pages
Preview: Deploying And Upgrading
Deploying And Upgrading144 pages
Preview: Quick Start For Hardware
Quick Start For Hardware30 pages
Preview: Configuration Manual
Configuration Manual42 pages
Preview: Installing
Installing13 pages

Related product manuals