User Guide for Cisco Security Manager 3.0.1
OL-8214-02
Appendix B Site-to-Site VPN User Interface Reference
Site to Site VPN Policies
Field Reference
Table B-17 VPN Global Settings Page > NAT Settings Tab

Element: Enable NAT Traversal
Description:
    When selected, enables you to configure NAT traversal on a device.
    You use NAT traversal when a device (referred to as the middle
    device) located between a VPN-connected hub and spoke performs
    Network Address Translation (NAT) on the IPSec traffic.
    For more information, see About NAT Traversal, page 9-71.

Element: Keepalive Interval
Description:
    Available when NAT Traversal is enabled.
    The interval, in seconds, between the keepalive signals sent between
    the spoke and the middle device to indicate that the session is active.
    The keepalive value can be from 5 to 3600 seconds.

Element: Enable PAT (Port Address Translation) on Split Tunneling for Spokes
Description:
    Supported on Cisco IOS routers and Catalyst 6500/7600 devices.
    When selected, enables Port Address Translation (PAT) to be used
    for split-tunneled traffic on spokes in your VPN topology.
    PAT can associate thousands of private NAT addresses with a small
    group of public IP addresses, through the use of port addressing. PAT
    is used if the addressing requirements of your network exceed the
    available addresses in your dynamic NAT pool. See Understanding
    NAT, page 9-70.
    Note: When this check box is enabled, Security Manager
    implicitly creates an additional NAT rule for split-tunneled
    traffic, on deployment. This NAT rule, which denies
    VPN-tunneled traffic and permits all other traffic (using the
    external interface as the IP address pool), will not be
    reflected as a router platform policy.
    For information on creating or editing a dynamic NAT rule as a
    router platform policy, see Defining Dynamic NAT Rules,
    page 12-20.

Element: Save button
Description:
    Saves your changes to the server but keeps them private.
    Note: To publish your changes, click the Submit button on the
    toolbar.
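
The following hand-written Cisco IOS fragment shows the kind of spoke configuration the settings in Table B-17 describe. It is an added example, not output generated by Security Manager and not part of the original guide. The interface names, subnets, ACL name and keepalive value are assumptions.

```ios
! Constructed example. Assumed values:
!   spoke LAN               10.1.1.0/24
!   networks behind the hub 10.2.0.0/16 (reached through the VPN tunnel)
!   GigabitEthernet0/0      inside interface
!   GigabitEthernet0/1      external interface

! NAT traversal: UDP encapsulation of IPsec traffic, with a keepalive sent
! every 20 seconds (the table gives the valid range as 5 to 3600 seconds).
crypto ipsec nat-transparency udp-encapsulation
crypto isakmp nat keepalive 20

! PAT on split tunneling: deny VPN-tunneled traffic so it is not translated,
! permit all other traffic from the spoke LAN.
ip access-list extended SPLIT-TUNNEL-PAT
 deny   ip 10.1.1.0 0.0.0.255 10.2.0.0 0.0.255.255
 permit ip 10.1.1.0 0.0.0.255 any

! Use the external interface address as the pool; "overload" makes this PAT.
ip nat inside source list SPLIT-TUNNEL-PAT interface GigabitEthernet0/1 overload

interface GigabitEthernet0/0
 ip nat inside
interface GigabitEthernet0/1
 ip nat outside
```

Because the implicit rule is not reflected as a router platform policy, confirm it on the deployed device itself, for example with `show running-config | include ip nat` and `show ip nat translations`.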