Setting the NAT keepalive timer
If IPsec traffic needs to pass through NAT security gateways, you must configure the NAT traversal function. If no packet travels across an IPsec tunnel for a certain period of time, the NAT mapping may age out and be deleted, after which the tunnel can no longer carry data across the NAT gateway to the intended end. To prevent NAT mappings from aging out, the ISAKMP SA behind the NAT security gateway sends NAT keepalive packets to its peer at a certain interval to keep the NAT session alive.
To set the NAT keepalive timer:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Set the NAT keepalive interval. | ike sa nat-keepalive-timer interval seconds | 20 seconds by default. |
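
The following Python sketch is an added example, not part of the original document or the vendor's software. It labels UDP port 4500 payloads and reports idle gaps long enough for a NAT mapping to age out, which helps when checking whether a configured keepalive interval is short enough for the NAT device in the path. The RFC 3948 packet framing, the 30-second NAT timeout, and all sample packets are assumptions constructed for illustration.

```python
import struct
from collections import Counter

# RFC 3948 framing on UDP 4500 (assumed here; the page does not give the format).
NON_ESP_MARKER = b"\x00" * 4   # prefixes IKE messages
NAT_KEEPALIVE = b"\xff"        # keepalive payload: one 0xFF octet

def classify(payload):
    """Label a UDP/4500 payload as keepalive, ike, esp or invalid."""
    if payload == NAT_KEEPALIVE:
        return "keepalive"
    if len(payload) > 4 and payload[:4] == NON_ESP_MARKER:
        return "ike"
    if len(payload) >= 8:
        return "esp"       # starts with a non-zero SPI, then a sequence number
    return "invalid"

def audit(events, nat_timeout):
    """events: (seconds, payload) sent by the device behind the NAT.
    Returns per-type counts and the idle gaps that reach nat_timeout.
    The NAT refreshes its mapping on any outbound datagram, keepalives included."""
    events = sorted(events, key=lambda e: e[0])
    kinds = Counter(classify(p) for _, p in events)
    expired = [(a, b) for (a, _), (b, _) in zip(events, events[1:])
               if b - a >= nat_timeout]
    return dict(kinds), expired

# Constructed sample traffic (not captured from a real device).
ESP = struct.pack("!II", 0x12345678, 1) + b"\x00" * 16
IKE = NON_ESP_MARKER + b"\x11" * 28
NAT_TIMEOUT = 30   # assumed NAT UDP mapping idle timeout, in seconds
FLOW_20S = [(0, IKE), (1, ESP), (21, NAT_KEEPALIVE), (41, NAT_KEEPALIVE),
            (61, NAT_KEEPALIVE), (70, ESP)]
FLOW_60S = [(0, IKE), (1, ESP), (61, NAT_KEEPALIVE), (121, NAT_KEEPALIVE)]

if __name__ == "__main__":
    for name, flow in (("20 s keepalive", FLOW_20S), ("60 s keepalive", FLOW_60S)):
        kinds, expired = audit(flow, NAT_TIMEOUT)
        print(name, kinds, "mapping expired in:", expired or "never")
```

With the assumed 30-second NAT timeout, the 20-second flow never leaves the mapping idle long enough to expire, while the 60-second flow leaves two gaps in which the mapping would be deleted.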