Remote Peer ISAKMP Protocol Policy Mode Commands
14-102 Configuring the VPN
XSR(config-isakmp-peer)#exchange-mode main

nat-traversal

ThecommandsetstheIKEandIPSecNAT(NetworkAddressTranslation)traversalmodeused
whencommunicatingwithremotepeersmatchingthepeersubnetandwildcardmasks.
TheautomaticparameterconfiguresIKEtoautomaticallydetectunroutableIPaddressesbetween
thelocalandremotegatewayandtothenswitchtoUDPencapsulationofIPSectraffic.The
alternatevaluesforthisparameter(enabledanddisabled)unconditionallyturnUDPencapsulation
ofIPSecpacketsonoroff,respectively.
Syntax
nat-traversal {automatic | enabled | disabled}
Syntax of the “no” Form
Thenoformofthiscommandresetsthedefaultvalue:
no nat-traversal
Default
Disabled
Mode
RemotePeerISAKMPprotocolpolicyconfiguration:XSR(config-isakmp-peer)#
Example
ThefollowingexamplesetsIKENATmodetoenabled:
XSR(config-isakmp-peer)#nat-traversal enabled

proposal

ThiscommandattachesuptothreeIKEpoliciestoaremotepeer.Proposalsareconfiguredwith
thecrypto isakmp proposal command.
Syntax
proposal pol1 [poll2 poll3]
automatic IKENATmodedynamicallyrespondstodiscoveredunroutableIP
addressesbyUDPencapsulatingthistraffic.
enabled IKENATmodeunconditionallyon.
disabled IKENATmodeunconditionallyoff.
pol2 poll3 Namesofpoliciesattachedtotheremotepeer.