ike-esp-nat
Syntax
ike-esp-nat {
enable;
esp-gate-timeout seconds;
esp-session-timeout seconds;
state-timeout seconds;
traceoptions {
flag {
all {
extensive
}
}
}
}
Hierarchy Level
[edit logical-systems name security alg], [edit logical-systems name tenants name security alg], [edit security alg], [edit services alg], [edit tenants name security alg]
Description
Configure Application Layer Gateway (ALG) for Internet Key Exchange (IKE) and Encapsulating Security Payload (ESP) traffic with Network Address Translation (NAT).
Options
Enable—Enable the IKE-ESP ALG.esp-gate-timeout seconds—Set the timeout for the ESP gates created after an IKE Phase 2 exchange has completed.Range: 2 through 30 seconds.
Default: 5 seconds.
esp-session-timeout seconds—Set the idle timeout for the ESP sessions created from the IPsec gates.Range: 60 through 2400 seconds.
Default: 1800 seconds.
state-timeout seconds—Set the timeout for the ALG state information.Range: 180 through 86,400 seconds.
Default: 14,400 seconds.
traceoptions—Set the IKE-ESP ALG trace options.flag—Specify which tracing operation to perform.all—Trace all operations.extensive—Set trace verbosity level to extensive.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 8.5.
Statement supported at hierarchy [edit logical-systems
name tenants name security alg tenant] in Junos OS Release 18.3R1.