NAT-T

From Wikipedia, the free encyclopedia

NAT-T (NAT-Traversal in the IKE) is a mechanism in IPsec for UDP encapsulation of the ESP packets in order to better go through firewalls. The negotiation during the Internet key exchange (IKE) phase is defined in RFC 3947 and the UDP encapsulation itself is defined in RFC 3948.

This capability exists in Microsoft Windows XP with Service Pack 2 but must be enabled.

All the major vendors (Cisco, Juniper et. al) support NAT-T for IKEv1 in their devices as well.

[edit] NAT-T RFCs

RFC 3715
IPsec-Network Address Translation (NAT) Compatibility Requirements
RFC 3947
Negotiation of NAT-Traversal in the IKE
RFC 3948
UDP Encapsulation of IPsec ESP Packets
In other languages