ip

crypto-auto-ipsec-tunnel commands

Enables the controller to uniquely identify APs and the hosts present in the AP‘s subnet. This allows the controller to correctly identify the destination host and create a dynamic site-to-site VPN tunnel between the host and the private network behind the controller.

Supported on the following devices:

Access Points: AP5010, AP310i/e, AP410i/e, AP505i, AP510i, AP510e, AP560i, AP6522, AP6562, AP7161, AP7502, AP7522, AP7532, AP7562, AP7602, AP7612, AP7622, AP763, AP7662, AP8163, AP8543, AP8533.
Service Platforms: NX5500, NX7500, NX9500, NX9600
Virtual Platforms: CX9000, VX9000

Syntax

ip nat crypto

Parameters

ip nat crypto


ip nat crypto	Enables unique identification of APs and the hosts present in each AP‘s subnet Providing a unique ID enables the access point, wireless controller, or service platform to uniquely identify the destination device. This is essential in networks where there are multiple APs behind a router, or when two (or more) APs behind two (or more) different routers have the same IP address. Further, the same subnet exists behind these APs. For example, let us consider a scenario where there are two APs (A and B) behind two routers (1 and 2). AP ‘A‘ is behind router ‘1‘. And AP ‘B‘ is behind router ‘2‘. Both these APs have the same IP address (192.168.13.8). The subnet behind APs A and B is also the same (100.1.1.0/24). In such a scenario the controller fails to uniquely identify the hosts present in either AP‘s subnet. For more information, see remotegw and crypto.

Example

nx9500-6C8809(config-profile-testAP8533-crypto-auto-ipsec-secure)#ip nat crypto

nx9500-6C8809(config-profile-testAP8533-crypto-auto-ipsec-secure)#show context
 crypto auto-ipsec-secure
  remotegw ike-version ikev2 uniqueid
  ip nat crypto
nx9500-6C8809config-profile-testAP8533-crypto-auto-ipsec-secure)#