Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All
Configuring the Type of Application Secured by Connections Created with an IPsec Transport Profile
You can use the application command to specify the types of application secured by connections created with this IPsec transport profile. You can specify multiple applications on the same command line:
- dvmrp—Secures DVMRP tunnel traffic
- gre—Secures GRE tunnel traffic
- l2tp—Secures L2TP traffic
- l2tp-nat-passthrough—Secures L2TP traffic and also allows clients to connect from behind
NAT devices that support IPsec passthrough. To allow these clients
to connect, the router:
- Does not generate or verify UDP checksums. This does not compromise security because IPsec protects UDP packets with an authentication algorithm far stronger than UDP checksums.
- Provides IPsec filtering based on the received IP address (the NAT public IP address), rather than filtering based on the negotiated IKE identities.
To specify the types of application:
- Issue the application command in IPsec Transport Profile Configuration mode.
host1(config-ipsec-transport-profile)#application
gre dvmrp l2tp
Use the no version to return to the default application type, L2TP.
