[x]

Configuring IKE > Setting the NAT keepalive timer

 

 Next

Setting the NAT keepalive timer

If IPsec traffic needs to pass through NAT security gateways, you must configure the NAT traversal function. If no packet travels across an IPsec tunnel in a certain period of time, the NAT mapping may get aged and be deleted, disabling the tunnel beyond the NAT gateway from transmitting data to the intended end. To prevent NAT mappings from being aged, an ISAKMP SA behind the NAT security gateway sends NAT keepalive packets to its peer at a certain interval to keep the NAT session alive.

To set the NAT keepalive timer:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Set the NAT keepalive interval.

ike sa nat-keepalive-timer interval seconds

20 seconds by default.

prev

 

up

 next

Setting keepalive timers 

home

 Configuring a DPD detector

© Copyright 2016 Hewlett Packard Enterprise Development LP