Viewing ike sas – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

833

Item

Description

Enable the NAT traversal
function

Enable the NAT traversal function for IPsec/IKE.
The NAT traversal function must be enabled if a NAT security gateway exists in

an IPsec/IKE VPN tunnel.

IMPORTANT:

To save IP addresses, ISPs often deploy NAT gateways on public networks to

allocate private IP addresses to users. In this case, one end of an IPsec/IKE tunnel
may have a public address while the other end may have a private address, and

NAT traversal must be configured at the private network side to set up the tunnel.

Viewing IKE SAs

1.

From the navigation tree, select VPN > IKE.

2.

Click the IKE SA tab.
The IKE SA list page appears.

Figure 887 IKE SA list

You can click Delete All to remove all ISAKMP SAs. To clear a local IPsec SA, the local end must
send a Delete Message to the remote end over the corresponding ISAKMP SA. The message
notifies the remote end to delete the IPsec SA. If the corresponding ISAKMP SA does not exist, the

local end cannot notify the remote end to clear the IPsec SA.

Table 273 Field description

Field

Description

Connection ID

Identifier of the ISAKMP SA.

Remote IP Address

Remote IP address of the SA.