Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

security vpn ipsec site-to-site peer <peer> tunnel <tunnel> allow-nat-networks <state>

This command is no longer required. Running this command has no effect on the configuration.

set security vpn ipsec site-to-site peer <peer> tunnel <tunnel> allow-nat-networks <state>
delete security vpn ipsec site-to-site peer <peer> tunnel <tunnel> allow-nat-networks
show security vpn ipsec site-to-site peer <peer> tunnel <tunnel> allow-nat-networks

A connection to a private network is not allowed (disabled).

peer
Mandatory. The address of the far-end VPN gateway. The format is an IPv4 address, an IPv6 address, a hostname (IPv4 networks only), an authentication ID, or 0.0.0.0.
tunnel
Mandatory. Multi-node. An integer that uniquely identifies this tunnel configuration for this peer VPN gateway. Each tunnel corresponds to a distinct connection configuration. The numbers range from 0 through 4294967295.

A given VPN peer may have more than one tunnel configuration, but each peer must have at least one. To define more than one tunnel configuration for a peer, create multiple tunnel configuration nodes within the peer configuration.

state
Allows connection to a defined network of private IP addresses on a per-tunnel basis. Supported values are as follows:

enable—Allow connection to the private network.

disable—Do not allow connection to the private network.

This option is mandatory if allow-public-networks is enabled; otherwise, it is optional. The allowed private network must be defined by using the security vpn ipsec nat-networks allowed-network <ipv4net> command.

If this option is enabled, any value set for the remote prefix option is ignored.

Configuration mode


security {
    vpn {
        ipsec {
            site-to-site {
                peer <peer> {
                    tunnel <tunnel> {
                        allow-nat-networks <state>
                    }
                }
            }
        }
    }
}

Use this command to specify whether or not a connection to a private network is allowed.

Use the set form of this command to specify whether or not a connection to a private network is allowed.

Use the delete form of this command to remove the configuration and return it to the default behavior.

Use the show form of this command to view the configuration.