Configure an IPsec NAT-T Responder

About this task

One side of an IPsec Network Address Translation Traversal (NAT-T) connection must be a responder device and the other side must be the Initiator device. By default, both sides of an IPsec NAT-T connection are Initiators. Use the following procedure to configure one side of an IPsec NAT-T connection as a Responder device.

Procedure

  1. Enter Logical IS-IS Interface Configuration mode:

    enable

    configure terminal

    logical-intf isis <1–255>

  2. Configure an IPsec Responder:

    ipsec responder-only

Variable Definitions

The following table defines parameters for the logical-intf isis command.

Variable Value
isis <1-255> Specifies the Intermediate-System-to-Intermediate-System (IS-IS) logical interface ID.
dest-ip {A.B.C.D} Specifies the destination IP address for the logical interface.
name WORD<1–64> Specifies the administratively assigned name of this logical interface, which can be up to 64 characters.

mtu <mtu_value>

Note:

Exception: only supported on XA1400 Series.

Specifies the Maximum Transmission Unit (MTU) size for each packet. Different hardware platforms support different MTU ranges. Use the CLI Help to see the available range for the switch.

The default value is 1950.
9037147-00 Rev AB