Configure the IPsec Initiator with the IPsec Responder Remote NAT IP Address

About this task

If both the Responder device and the Initiator device are behind Network Address Translation (NAT), you must configure the IPsec Initiator device with the public IP address of the NAT router connected to the IPsec Responder device.

Note

Only perform this procedure on the IPsec Initiator device.

Procedure

  1. Enter Logical IS-IS Interface Configuration mode:

    enable

    configure terminal

    logical-intf isis <1-255>

  2. Configure the public IP address of the NAT router connected to the IPsec Responder device:

    ipsec remote-nat-ip {A.B.C.D}

Variable Definitions

The following table defines parameters for the logical-intf isis command.

Variable             Value
isis <1-255>         Specifies the Intermediate-System-to-Intermediate-System (IS-IS) logical interface ID.
dest-ip {A.B.C.D}    Specifies the destination IP address for the logical interface.
name WORD<1-64>      Specifies the administratively-assigned name of this logical interface, which can be up to 64 characters.
mtu <mtu_value>      Specifies the Maximum Transmission Unit (MTU) size for each packet. Different hardware platforms support different MTU ranges. Use the CLI Help to see the available range for the switch. The default value is 1950.
                     Note: Exception: only supported on XA1400 Series.

The following table defines parameters for the ipsec remote-nat-ip command.

Variable             Value
{A.B.C.D}            Specifies the public IP address of the NAT router connected to the Responder device in an IPsec Network Address Translation Traversal (NAT-T) connection.
                     Note: When you configure the IPsec remote NAT IP address, the IKE protocol uses UDP port 4500.