Configuring global parameters
Related topics:
on page 499
on page 499
Enabling invalid SPI recovery
About this task
Invalid SPI Recovery enables an IKE SA to be established when an invalid security parameter
index error occurs during packet processing. A notification of the invalid SPI error is sent to
the originating peer so that the SA databases can be re-synchronized, and successful packet
processing can be resumed.
Note:
Invalid SPI recovery is enabled by default. Configure invalid SPI recovery only if you wish
to re-enable it after it was disabled.
Procedure
1. Enable invalid SPI recovery with the
crypto isakmp invalid-spi-
recovery
command.
For example:
Gxxx-001#
crypto isakmp invalid-spi-recovery
Done!
2. Configure NAT Traversal global parameters as described in
page 499
NAT Traversal
Network Address Translation (NAT) is a solution to the problem of the scarcity and cost of
public IP addresses. An organization with a single public IP address can use a NAT device to
connect multiple computers to the Internet sharing a single public IP address. However, NAT
causes compatibility problems for many types of network applications, including VPN.
NAT Traversal enables detecting the presence of NAT devices along the path of the VPN
tunnel. Once detected, the two peers tunnel IKE and IPSEC traffic through an agreed-upon
UDP port, allowing the NAT device to work seamlessly with VPN. The standard UDP port used
is port 4500; to find out the port number, use the
show crypto ipsec sa
command.
The Branch Gateway IPSec VPN feature supports NAT Traversal. If your installation includes
one or more NAT devices between the local and remote VPN peers, NAT Traversal should be
enabled, although in some rare cases it may not be required.
Note:
NAT Traversal is enabled by default. Configure NAT Traversal only if you need to re-enable
it after it was disabled, using the
no crypto ipsec nat-transparency udp-
IPSec VPN
Administering Avaya G430 Branch Gateway
October 2013 499
Summary of Contents for G430
Page 1: ...Administering Avaya G430 Branch Gateway Release 6 3 03 603228 Issue 5 October 2013 ...
Page 12: ...12 Administering Avaya G430 Branch Gateway October 2013 ...
Page 246: ...VoIP QoS 246 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...
Page 556: ...IPSec VPN 556 Administering Avaya G430 Branch Gateway October 2013 Comments infodev avaya com ...