![]() |
![]() |
PA IPSEC NAT-T Control Bit Definitions | |
Bitmap definition of the ctrlBitMap in paIpsecNatTConfig_t. | |
#define | pa_IPSEC_NAT_T_CTRL_ENABLE 0x0001 |
#define | pa_IPSEC_NAT_T_CTRL_LOC_LUT1 0x0002 |
#define pa_IPSEC_NAT_T_CTRL_ENABLE 0x0001 |
Control Info -- Set: Enable IPSEC NAT-T packet detection Clear: Disable IPSEC NAT-T packet detection
#define pa_IPSEC_NAT_T_CTRL_LOC_LUT1 0x0002 |
Control Info -- Set: Perform IPSEC NAT-T packet detection at Ingress 1 (LUT1) stage Clear: Perform IPSEC NAT-T packet detection at Ingress 4 (LUT2) stage (default)
The IPSEC ESP NAT-T packet detector is implemented at the processing stage (PDSP3) where the LUT2 classification occurs at the first generation PASS. The drawback is that the detected IPSEC ESP NAT-T packet has to be re-routed into the PASS Outer IP processing stage (PDSP1) for continuous processing and this operation reduces the overall throughput. In the 2nd generation PASS, the IPSEC NAT-T detector is implemented within Ingress 1 (Outer IP and IPSEC) processing stage to avoid the re-entry operation. However, the detector is also implemented at the Ingress4 (LUT2) stage to maintain backward compatibility. It is recommended to set this flag to one to enable the IPSEC ESP NAT-T detector at Ingress 1 stage to maintain the maxmium PASS throughput.