encapsulation command. NAT Traversal keepalive is also enabled by default (with a
default value of 20 seconds). Configure NAT Traversal keepalive only if you need to re-
enable it after it was disabled, using the no crypto isakmp nat keepalive
command.
Related topics:
Configuring NAT Traversal on page 500
Configuring NAT Traversal
Procedure
1. Enable NAT Traversal by entering crypto ipsec nat-transparency udp-
encapsulation.
For example:
Gxxx-001# crypto ipsec nat-tranparency udp-encapsulation
Done!
2. Enable NAT Traversal keepalives and configure the keepalive interval in seconds
by entering crypto isakmp nat keepalive, followed by a number from 5 to
3600.
NAT Traversal keepalives are empty UDP packets that the device sends on a
periodic basis at times of inactivity when a dynamic NAT is detected along the way.
These keepalives are intended to maintain the NAT translation alive in the NAT
device, and not let it age-out due to periods of inactivity. Set the NAT Traversal
keepalive interval on the Branch Gateway to be less than the NAT translation aging
time on the NAT device.
For example:
Gxxx-001# crypto isakmp nat keepalive 60
Done!
Assigning a crypto list to an interface
About this task
A crypto list is activated on an interface. You can assign multiple crypto lists to different
interfaces on the Branch Gateway.
Procedure
1. Enter interface context using the interface command.
For example:
Gxxx-001# interface fastethernet 10/3
Gxxx-001(config-if:FastEthernet 10/3)#
2. Configure the IP address of the interface.
You can configure either a static or a dynamic IP address.
IPSec VPN
500 Administering Avaya G430 Branch Gateway October 2013
Comments? infodev@avaya.com
To Next Page
Loading...
