Cisco Systems OL-5532-02 manual Defining the VPN 3000 Access Hours

Models: OL-5532-02


Chapter 4 Remote Access VPN Services

Creating Remote Access VPN Policies

Table 4-8 VPN 3000 Editor Fields (continued)

| Field Name | Type | Instructions |
|---|---|---|
| Allow IPsec Through NAT | checkbox | The Allow IPsec through NAT option lets you use the Cisco VPN Client to connect to the VPN Concentrator via UDP through a firewall or router that is running NAT. Enabling this feature creates runtime filter rules that forward UDP traffic for the configured port even if other filter rules on the interface drop UDP traffic. These runtime rules exist only while there is an active IPsec through NAT session. The system passes inbound traffic to IPsec for decryption and unencapsulation, and then passes it on to the destination. The system passes outbound traffic to IPsec for encryption and encapsulation, applies a UDP header, and forwards it. Check to enable the IPsec client to operate through a firewall using NAT via UDP. Uncheck (disable) this option to prevent IPsec clients from operating through a firewall that is using NAT. |
| IPsec Through NAT Port | text box | If you selected Allow IPsec Through NAT, enter the UDP port to be used for IPsec traffic, using any port from 4001 to 49151. The default is 10000. |
| Allow Password Storage on Client | checkbox | Check to allow the IPsec client to store its password locally. |
| Banner | text box | Enter the banner text to display for this group. The banner cannot exceed 512 characters. |

Step 3 Click Next to continue to the VPN 3000 Access Hours page, as shown in Figure 4-20 in the “Defining the VPN 3000 Access Hours” section on page 4-20.

Defining the VPN 3000 Access Hours

For connections made through VPN 3000 devices in your network, you can control when a user has access to your private network through the remote access VPN.

Perform the following steps to restrict user access to specific hours during the day or night:

Step 1 The Remote Access VPN Policy – Access Hours page appears as shown in Figure 4-20.

Figure 4-20 The Remote Access VPN Policy – Access Hours Page

Cisco IP Solution Center Integrated VPN Management Suite Security User Guide, 3.2

4-20

OL-5532-02

 

 
