security vpn ipsec site-to-site peer <peer> tunnel <tunnel> allow-nat-networks <state>
This command is no longer required. Running this command has no effect on the configuration.
A connection to a private network is not allowed (disabled).
- peer
- Mandatory. The address of the far-end VPN gateway. The format is an IPv4 address, an IPv6 address, a hostname (IPv4 networks only), an authentication ID, or 0.0.0.0.
- tunnel
- Mandatory. Multi-node. An integer that uniquely identifies this tunnel configuration for this peer VPN gateway. Each tunnel corresponds to a distinct connection configuration. The numbers range from 0 through 4294967295.
A given VPN peer may have more than one tunnel configuration, but each peer must have at least one. To define more than one tunnel configuration for a peer, create multiple tunnel configuration nodes within the peer configuration.
- state
- Allows connection to a defined network of private IP addresses on a per-tunnel basis. Supported values are as follows:
enable—Allow connection to the private network.
disable—Do not allow connection to the private network.
This option is mandatory if the allow-public-networks is enabled; optional otherwise. The allowed private network must be defined by using security vpn ipsec nat-networks allowed-network <ipv4net>.
If this option is enabled, any value set for the remote prefix option is ignored.
Configuration mode
security {
vpn {
ipsec {
site-to-site {
peer peer {
tunnel tunnel {
allow-nat-networks state
}
}
}
}
}
}
Use this command to specify whether or not a connection to a private network is allowed.
Use the set form of this command to specify whether or not a connection to a private network is allowed.
Use the delete form of this command to remove the configuration and return it to the default behavior.
Use the show form of this command to view the configuration.