Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring the Type of Application Secured by Connections Created with an IPsec Transport Profile

    You can use the application command to specify the types of application secured by connections created with this IPsec transport profile. You can specify multiple applications on the same command line:

    • dvmrp—Secures DVMRP tunnel traffic
    • gre—Secures GRE tunnel traffic
    • l2tp—Secures L2TP traffic
    • l2tp-nat-passthrough—Secures L2TP traffic and also allows clients to connect from behind NAT devices that support IPsec passthrough. To allow these clients to connect, the router:
      • Does not generate or verify UDP checksums. This does not compromise security because IPsec protects UDP packets with an authentication algorithm far stronger than UDP checksums.
      • Provides IPsec filtering based on the received IP address (the NAT public IP address), rather than filtering based on the negotiated IKE identities.

    To specify the types of application:

    • Issue the application command in IPsec Transport Profile Configuration mode.
    host1(config-ipsec-transport-profile)#application gre dvmrp l2tp

    Use the no version to return to the default application type, L2TP.

    Published: 2014-08-12