Requirements when Behind a NAT

The CloudEOS and vEOS Router supports the use of NAT-Traversal to communicate with the remote peer behind a NAT. Configure the tunnel source with the outgoing interface IP address on the router.

Flow Parallelization
To achieve high throughput over an IPsec connection, enable the IPsec flow parallelization feature. When the feature is enabled, multiple cores are used to parallelize the IPsec encryption and decryption processing. To enable this feature, include the flow parallelization encapsulation udp command in the IPsec profile configuration.
Note: The feature must be enabled on both sides of the tunnel. Other vendors do not support Flow Parallelization.
Note: This feature should be used with GRE over IPsec.

If the IPsec session is established without the feature enabled, complete the following tasks:

  • Under the IPsec profile for the tunnel use the flow parallelization encapsulation udp command to enable the feature.
  • Shutdown the tunnel on the tunnel interface.
  • Bring the tunnel back up on the tunnel interface. After it is up, this enables the feature.