User Guide for Cisco Security Manager 3.0.1
OL-8214-02
Appendix B Site-to-Site VPN User Interface Reference
Site to Site VPN Policies
Field Reference
Table B-17 VPN Global Settings Page > NAT Settings Tab
Element Description
Enable NAT Traversal
When selected, enables you to configure NAT traversal on a device.
You use NAT traversal when there is a device (referred to as the
middle device) located between a VPN-connected hub and spoke
that performs Network Address Translation (NAT) on the IPSec
traffic.
For more information, see About NAT Traversal, page 9-71.

Keepalive Interval
Available when NAT Traversal is enabled.
The interval, in seconds, between the keepalive signals sent between
the spoke and the middle device to indicate that the session is active.
The keepalive value can be from 5 to 3600 seconds.

Enable PAT (Port Address Translation) on Split Tunneling for Spokes
Supported on Cisco IOS routers and Catalyst 6500/7600 devices.
When selected, enables Port Address Translation (PAT) to be used
for split-tunneled traffic on spokes in your VPN topology.
PAT can associate thousands of private NAT addresses with a small
group of public IP addresses, through the use of port addressing. PAT
is used if the addressing requirements of your network exceed the
available addresses in your dynamic NAT pool. See Understanding
NAT, page 9-70.
Note: When this check box is enabled, Security Manager
implicitly creates an additional NAT rule for split-tunneled
traffic, on deployment. This NAT rule, which denies
VPN-tunneled traffic and permits all other traffic (using the
external interface as the IP address pool), will not be
reflected as a router platform policy.
For information on creating or editing a dynamic NAT rule as a
router platform policy, see Defining Dynamic NAT Rules,
page 12-20.

Save button
Saves your changes to the server but keeps them private.
Note: To publish your changes, click the Submit button on the
toolbar.
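
Because the implicit PAT rule described in the note above is not shown as a router platform policy, one way to review it is to check the deployed configuration directly. The following is an added example, not taken from this guide or from Security Manager: it assumes standard IOS "ip nat inside source list ... overload" and numbered extended ACL syntax, and the sample configurations, ACL number, interface name and subnets are constructed.

```python
import ipaddress
import re

# Handles only the 'any' and 'address wildcard' forms of extended ACL entries.
NAT_RE = re.compile(r"^ip nat inside source list (\S+) interface (\S+) overload[ \t]*$", re.M)
ACE_RE = re.compile(r"^access-list (\S+) (permit|deny) ip (any|\S+ \S+) (any|\S+ \S+)[ \t]*$", re.M)

# Constructed samples: ACL number, interface name and subnets are assumptions.
EXCLUDES_VPN = """\
access-list 150 deny ip 10.1.1.0 0.0.0.255 10.2.0.0 0.0.255.255
access-list 150 permit ip any any
ip nat inside source list 150 interface FastEthernet0/0 overload
"""
MISSING_DENY = """\
access-list 150 permit ip any any
ip nat inside source list 150 interface FastEthernet0/0 overload
"""

def _net(spec):
    """Convert 'any' or 'address wildcard' to a network (ipaddress accepts host masks)."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, wildcard = spec.split()
    return ipaddress.ip_network(f"{addr}/{wildcard}")

def pat_exclusion_gaps(config, vpn_flows):
    """Return (acl, interface, local, remote) for each VPN flow a PAT rule would translate."""
    acls = {}
    for name, action, src, dst in ACE_RE.findall(config):
        acls.setdefault(name, []).append((action, _net(src), _net(dst)))
    gaps = []
    for acl, iface in NAT_RE.findall(config):
        for local, remote in vpn_flows:
            lnet, rnet = ipaddress.ip_network(local), ipaddress.ip_network(remote)
            for action, src, dst in acls.get(acl, []):  # ACL entries are first-match
                if action == "deny" and lnet.subnet_of(src) and rnet.subnet_of(dst):
                    break  # tunneled flow is fully excluded from PAT
                if action == "permit" and lnet.overlaps(src) and rnet.overlaps(dst):
                    gaps.append((acl, iface, local, remote))  # flow would be translated
                    break
    return gaps

if __name__ == "__main__":
    flows = [("10.1.1.0/24", "10.2.0.0/16")]  # constructed tunnel-protected flow
    print(pat_exclusion_gaps(EXCLUDES_VPN, flows))
    print(pat_exclusion_gaps(MISSING_DENY, flows))
```

A deny entry that covers only part of a tunneled flow is treated as not excluding it, so the check errs toward reporting a gap.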