Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

security vpn ipsec nat-networks allowed-network <ipv4net>

This command is no longer required. Running this command has no effect on the configuration.

set security vpn ipsec nat-networks allowed-network ipv4net [ exclude ipv4net-exclude ]
delete security vpn ipsec nat-networks allowed-network ipv4net [ exclude ipv4net-exclude ]
show security vpn ipsec nat-networks allowed-network [ ipv4net [ exclude ] ]
ipv4net
Multi-node. An IPv4 network of private IP addresses that remote hosts behind a NAT device may use.
ipv4net-exclude
Multi-node. An IPv4 network to be excluded from the allowed network range. These are the RFC 1918 (“private”) IP addresses being used on the network internal to this VPN gateway.

Configuration mode

security {
        vpn {
            ipsec {
                nat-networks {
                    allowed-network ipv4net {
                        exclude ipv4net-exclude
                }
            }
        }
    }
}

Use this command to specify RFC 1918 private IP addresses for remote networks that may reside behind a NAT device.

Unlike public IP addresses, private IP addresses may be re-used between sites. That means that private IP address ranges behind a NAT device at the far end of the VPN connection may overlap or be coextensive with private IP addresses on the internal network behind this VPN gateway, causing routing problems. For this reason, you must specify the allowed private network addresses that reside behind a NAT device, excluding internal network addresses.

IP addresses reserved for private networks lists the three blocks of the IP address space that the Internet Assigned Numbers Authority (IANA) has reserved for private internets.

Table 1. IP addresses reserved for private networks
Network Prefix

10.0.0.0-10.255.255.255

10.0.0.0/8

172.16.0.0-172.31.255.255

172.16.0.0/12

192.168.0.0-192.168.255.255

192.168.0.0/16

Use the set form of this command to specify the private network addresses that remote hosts behind a NAT device may use.

Use the delete form of this command to remove the configuration.

Use the show form of this command to view the configuration.