NAT CLI Commands
2/1553-ZAT 759 94 Uen B – December 2005
347
14.7 nat
iketranslation
14.7.1 Syntax
nat iketranslation {cookies|ports}
14.7.2 Description
This command supports NAT IPSec traversal. It allows you to specify how
Internet Key Exchange (IKE) packets are translated.
IKE establishes a shared security policy and authenticates keys for services
that require keys, such as IPSec. Before any IPSec traffic can be passed,
each router/firewall/host must verify the identity of its peer. This can be done
by manually entering pre-shared keys into both hosts or by a CA service.
14.7.3 Options
The following table gives the range of values for each option which can be
specified with this command and a default value (if applicable).
Option Description
Default
value
cookies
Source port will not be translated for
IKE packets; IKE cookies are used
to identify IKE sessions.
ports
Source port will be translated for IKE
packets.
ports
14.7.4 Example
-->
nat iketranslation cookies