NAT-T

E123430

NAT-T (NAT Traversal) is an IPsec extension that enables VPN traffic to pass through Network Address Translation devices by encapsulating IPsec packets in UDP.

All labels observed (2)

Label Occurrences
NAT-T canonical 1
Network Address Translation Traversal 1

How this entity was disambiguated

Statements (47)

Predicate Object
instanceOf IPsec extension
network protocol mechanism
affectedBy firewall UDP filtering policies
alternativeTo IPsec over TCP
SSL VPN in some scenarios
category VPN technology
network security technology
commonlyImplementedIn consumer VPN clients
enterprise VPN gateways
home broadband routers with VPN support
compatibleWith AH (with limitations)
ESP
definedIn RFC 3947
RFC 3948
enables IPsec traffic through NAT devices
encapsulates IPsec packets in UDP
fullName NAT Traversal
hasLimitation adds encapsulation overhead
may fail if UDP port 4500 is blocked
improves IPsec interoperability with enterprise firewalls
IPsec interoperability with home routers
mayBeUsedWith carrier-grade NAT (CGNAT)
operatesAtLayer network layer
transport layer
performs NAT keepalive
primaryGoal allow IPsec to traverse NAT devices
relatedTo IKE
IKEv1
IKEv2
requires IKE negotiation of UDP encapsulation
NAT detection
UDP checksum handling by NAT devices
support on both VPN endpoints
solves IPsec and NAT incompatibility
standsFor NAT-T self-linksurface differs
surface form: Network Address Translation Traversal
supports VPN traffic
usedBy IPsec-based remote access clients
IPsec-based site-to-site tunnels
usedIn remote access VPN
road-warrior VPN scenarios
site-to-site VPN
usedWith IPsec
uses NAT-keepalive packets
UDP encapsulation of ESP packets
usesDefaultPort 4500
usesTransportProtocol UDP
worksWith IPv4 NAT

How these facts were elicited

Referenced by (2)

Full triples — surface form annotated when it differs from this entity's canonical label.

IPsec hasExtension NAT-T
NAT-T standsFor NAT-T self-linksurface differs
this entity surface form: Network Address Translation Traversal