NAT-T

From Wikipedia, the free encyclopedia

NAT-T (NAT Traversal in the IKE) is a method of enabling IPsec-protected IP datagrams to pass through a network address translator (NAT).

A network address translator modifies an IP packet passing through it in a manner that is incompatible with Internet Protocol Security (IPsec). NAT-T protects the original IPsec-encoded packet by encapsulating it in another layer of UDP and IP headers.

The negotiation during the Internet Key Exchange (IKE) phase is defined in RFC 3947, and the UDP encapsulation itself is defined in RFC 3948.
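The encapsulation described above, sketched as an added Python example (not taken from the RFCs or from any vendor implementation): it wraps an ESP packet in a UDP header, models a NAT rewriting the outer source port, and classifies what arrives on UDP port 4500 using the Non-ESP marker and NAT-keepalive conventions of RFC 3948. The function names, the sample SPI and the translated port are constructed for illustration.

```python
import struct

NAT_T_PORT = 4500              # UDP port IKE moves to once a NAT is detected (RFC 3947)
NON_ESP_MARKER = b"\x00" * 4   # prefixes IKE messages that share the port (RFC 3948)
KEEPALIVE = b"\xff"            # one-octet NAT-keepalive payload (RFC 3948)

def encapsulate_esp(esp_packet, sport=NAT_T_PORT, dport=NAT_T_PORT):
    """Prepend the 8-byte UDP header that carries an ESP packet across a NAT."""
    if len(esp_packet) < 8:
        raise ValueError("ESP needs at least SPI and sequence number (8 bytes)")
    if esp_packet[:4] == NON_ESP_MARKER:
        raise ValueError("SPI 0 would be read as the Non-ESP marker")
    # Checksum field 0: RFC 3948 says IPv4 senders SHOULD transmit zero.
    return struct.pack("!HHHH", sport, dport, 8 + len(esp_packet), 0) + esp_packet

def nat_rewrite(udp_datagram, new_sport):
    """Model a NAT's port translation: only the outer UDP source port changes."""
    return struct.pack("!H", new_sport) + udp_datagram[2:]

def classify(udp_datagram):
    """Return (kind, detail) for a UDP datagram (header + payload) on port 4500."""
    if len(udp_datagram) < 8:
        return ("malformed", "shorter than a UDP header")
    sport, dport, length, _checksum = struct.unpack("!HHHH", udp_datagram[:8])
    if NAT_T_PORT not in (sport, dport):
        return ("other", "not NAT-T traffic")
    if length < 8 or length > len(udp_datagram):
        return ("malformed", "bad UDP length field")
    payload = udp_datagram[8:length]
    if payload == KEEPALIVE:
        return ("nat-keepalive", None)
    if len(payload) < 8:
        return ("malformed", "too short for ESP or IKE")
    if payload[:4] == NON_ESP_MARKER:
        return ("ike", payload[4:])          # IKE message follows the marker
    spi, seq = struct.unpack("!II", payload[:8])
    return ("esp", {"spi": spi, "seq": seq})

# Constructed sample: SPI 0xC0FFEE01, sequence 1, 16 placeholder ciphertext bytes.
SAMPLE_ESP = struct.pack("!II", 0xC0FFEE01, 1) + bytes(16)

if __name__ == "__main__":
    wire = nat_rewrite(encapsulate_esp(SAMPLE_ESP), 61234)
    print(classify(wire), wire[8:] == SAMPLE_ESP)
```

The NAT touches only the outer UDP header, so the ESP bytes that IPsec authenticates reach the peer unchanged.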

Most major networking vendors support NAT-T for IKEv1 in their devices. In Microsoft Windows XP with Service Pack 2, the feature can be enabled [1] but is disabled by default because of security issues [2].


References

  • RFC 3715: IPsec-Network Address Translation (NAT) Compatibility Requirements
  • RFC 3947: Negotiation of NAT-Traversal in IKE
  • RFC 3948: UDP Encapsulation of IPsec ESP Packets
  1. http://support.microsoft.com/kb/818043/en-us
  2. http://support.microsoft.com/kb/885348/en-us