3com 3031 Instruccion De Instalación

C

HAPTER

 61: IKE C

ONFIGURATION

Perform the following in the IKE-peer View.

The ID specified by this command should be the same ID specified using the 

command on the remote security GW.

If the initiator uses GW name in IKE negotiation (that is, 

 is used), 

the peer must configure the 

 command. In addition, the name 

configured using this command should be consistent with the name configured 
using the 

 command.

Perform the following in the IKE-peer View.

You do not need to use these commands unless the ID type in IKE negotiation is 
set to IP address.

Generally speaking, you do not need to configure the

 command 

unless you want to specify a special address for the local GW (such as the address 
of loopback interface).

The 

configured using this command should be consistent with the IP 

address of the GW configured on the remote security GW.

The NAT traversal function must be configured so long as there is a NAT IPSec 
device on the VPN tunnel constructed using IPSec/IKE.

Perform the following in the IKE-peer View.

To save IP address space, ISPs often add NAT gateways to public networks, so as to 
allocate private IP addresses to users. This may lead to IPSec/IKE tunnel having 
both public network address and private network address at both ends. Hence you 

Table 936   Specifying ID of the remote security GW

Specify a remote security GW

Remove ID of the remote security GW

Table 937   Configuring IP address of security GWs

Configure IP address of the local security GW

Delete the IP address of the local security GW

Configure IP address of the remote security GW

Delete the IP address of the remote security GW

Table 938   Configuring the NAT traversal function of IPSec/IKE

Enable the NAT traversal function of IPSec/IKE

Disable the NAT traversal function of IPSec/IKE