Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

crypto ipsec nat-transparency spi-matching

Hello,

could someone please help in undestanding this command. It is not clearly explained in ofiicial documents.

When and how to use it?

How does it differ from crypto ipsec nat-transparency udp-encapsulation?

etc.

Thanks

1 REPLY
Anonymous
N/A

Re: crypto ipsec nat-transparency spi-matching

Security parameter index (SPI) matching is used to establish VPN connections between multiple pairs of destinations. NAT entries are immediately placed in the translation table for endpoints matching the configured access list. SPI Matching is available only for endpoints that choose SPIs according to the predictive algorithm implemented in Cisco IOS Release 12.2(15)T.

The generation of SPIs that are predictable and symmetric is enabled. SPI Matching should be used in conjunction with NAT devices when multiple ESP connections across a NAT device are desired.

SPI Matching is disabled. This task may be used to either enable SPI Matching.

3929
Views
0
Helpful
1
Replies
CreatePlease to create content