Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

security vpn ipsec nat-networks allowed-network <ipv4net>

This command is no longer required. Running this command has no effect on the configuration.

set security vpn ipsec nat-networks allowed-network ipv4net [ exclude ipv4net-exclude ]
delete security vpn ipsec nat-networks allowed-network ipv4net [ exclude ipv4net-exclude ]
show security vpn ipsec nat-networks allowed-network [ ipv4net [ exclude ] ]
ipv4net
Multi-node. An IPv4 network of private IP addresses that remote hosts behind a NAT device may use.
ipv4net-exclude
Multi-node. An IPv4 network to be excluded from the allowed network range. These are the RFC 1918 (“private”) IP addresses being used on the network internal to this VPN gateway.

Configuration mode

security {
    vpn {
        ipsec {
            nat-networks {
                allowed-network ipv4net {
                    exclude ipv4net-exclude
                }
            }
        }
    }
}

Use this command to specify RFC 1918 private IP addresses for remote networks that may reside behind a NAT device.

Unlike public IP addresses, private IP addresses may be re-used between sites. That means that private IP address ranges behind a NAT device at the far end of the VPN connection may overlap or be coextensive with private IP addresses on the internal network behind this VPN gateway, causing routing problems. For this reason, you must specify the allowed private network addresses that reside behind a NAT device, excluding internal network addresses.

Table 1 lists the three blocks of the IP address space that the Internet Assigned Numbers Authority (IANA) has reserved for private internets.

Table 1. IP addresses reserved for private networks

Network                        Prefix
10.0.0.0-10.255.255.255        10.0.0.0/8
172.16.0.0-172.31.255.255      172.16.0.0/12
192.168.0.0-192.168.255.255    192.168.0.0/16
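
The allowed-minus-excluded arithmetic described above can be checked offline before planning address ranges. This is an added example, not Vyatta code and not a model of how the product evaluates the command; the function names and sample networks are constructed for illustration.

```python
import ipaddress

# The three RFC 1918 blocks from Table 1.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(net):
    """True if net lies entirely inside one RFC 1918 block."""
    return any(net.subnet_of(block) for block in RFC1918)


def effective_allowed(allowed, excludes):
    """Networks left after removing every exclude from the allowed network.

    Raises ValueError if any argument is not RFC 1918 space.
    """
    allowed_net = ipaddress.ip_network(allowed)
    if not is_private(allowed_net):
        raise ValueError(f"{allowed_net} is not RFC 1918 space")
    remaining = [allowed_net]
    for item in excludes:
        ex = ipaddress.ip_network(item)
        if not is_private(ex):
            raise ValueError(f"{ex} is not RFC 1918 space")
        kept = []
        for net in remaining:
            if ex.subnet_of(net):        # exclude sits inside: split around it
                kept.extend(net.address_exclude(ex))
            elif not net.subnet_of(ex):  # disjoint: keep unchanged
                kept.append(net)
            # otherwise net is wholly covered by the exclude and is dropped
        remaining = kept
    return sorted(remaining)


def remote_permitted(remote, allowed, excludes):
    """True if the remote NATed network fits entirely in the remaining space."""
    remote_net = ipaddress.ip_network(remote)
    return any(remote_net.subnet_of(n)
               for n in effective_allowed(allowed, excludes))


if __name__ == "__main__":
    # Constructed sample: this gateway's internal LAN is 192.168.1.0/24.
    for net in effective_allowed("192.168.0.0/16", ["192.168.1.0/24"]):
        print(net)
    print(remote_permitted("192.168.40.0/24", "192.168.0.0/16", ["192.168.1.0/24"]))
    print(remote_permitted("192.168.1.0/24", "192.168.0.0/16", ["192.168.1.0/24"]))
```

A remote network that only partly overlaps the excluded internal range, such as 192.168.0.0/23 in this sample, is rejected as well, because it does not fit inside any remaining block.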

Use the set form of this command to specify the private network addresses that remote hosts behind a NAT device may use.

Use the delete form of this command to remove the configuration.

Use the show form of this command to view the configuration.