crypto ipsec nat-transparency spi-matching

Unanswered Question
Apr 29th, 2009
User Badges:


could someone please help in undestanding this command. It is not clearly explained in ofiicial documents.

When and how to use it?

How does it differ from crypto ipsec nat-transparency udp-encapsulation?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Anonymous (not verified) Thu, 05/07/2009 - 14:55
User Badges:

Security parameter index (SPI) matching is used to establish VPN connections between multiple pairs of destinations. NAT entries are immediately placed in the translation table for endpoints matching the configured access list. SPI Matching is available only for endpoints that choose SPIs according to the predictive algorithm implemented in Cisco IOS Release 12.2(15)T.

The generation of SPIs that are predictable and symmetric is enabled. SPI Matching should be used in conjunction with NAT devices when multiple ESP connections across a NAT device are desired.

SPI Matching is disabled. This task may be used to either enable SPI Matching.


This Discussion