IPsec over TCP
E522224
IPsec over TCP is a method of encapsulating IPsec traffic within TCP packets to traverse restrictive firewalls and NAT devices that block traditional IPsec protocols.
All labels observed (1)
| Label | Occurrences |
|---|---|
| IPsec over TCP canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T5479283 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: IPsec over TCP Context triple: [NAT-T, alternativeTo, IPsec over TCP]
-
A.
IPsec
IPsec is a suite of protocols that provides secure, encrypted communication over IP networks by authenticating and protecting the integrity and confidentiality of data packets.
-
B.
NAT-T
NAT-T (NAT Traversal) is an IPsec extension that enables VPN traffic to pass through Network Address Translation devices by encapsulating IPsec packets in UDP.
-
C.
TCP/IP
TCP/IP is the fundamental communication protocol suite that enables data transmission and networking across the internet and most modern computer networks.
-
D.
Encapsulating Security Payload
Encapsulating Security Payload (ESP) is a core IPsec protocol that provides confidentiality, integrity, and optional authentication for IP packets through encryption and encapsulation.
-
E.
SCTP
SCTP (Stream Control Transmission Protocol) is a transport-layer network protocol designed to provide reliable, message-oriented communication with features like multi-streaming and multi-homing, often used for signaling and real-time data transmission.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: IPsec over TCP Target entity description: IPsec over TCP is a method of encapsulating IPsec traffic within TCP packets to traverse restrictive firewalls and NAT devices that block traditional IPsec protocols.
-
A.
IPsec
IPsec is a suite of protocols that provides secure, encrypted communication over IP networks by authenticating and protecting the integrity and confidentiality of data packets.
-
B.
NAT-T
NAT-T (NAT Traversal) is an IPsec extension that enables VPN traffic to pass through Network Address Translation devices by encapsulating IPsec packets in UDP.
-
C.
TCP/IP
TCP/IP is the fundamental communication protocol suite that enables data transmission and networking across the internet and most modern computer networks.
-
D.
Encapsulating Security Payload
Encapsulating Security Payload (ESP) is a core IPsec protocol that provides confidentiality, integrity, and optional authentication for IP packets through encryption and encapsulation.
-
E.
SCTP
SCTP (Stream Control Transmission Protocol) is a transport-layer network protocol designed to provide reliable, message-oriented communication with features like multi-streaming and multi-homing, often used for signaling and real-time data transmission.
- F. None of above. chosen
Statements (48)
| Predicate | Object |
|---|---|
| instanceOf |
VPN traversal method
ⓘ
network tunneling technique ⓘ |
| addressesProblem |
blocking of traditional IPsec protocols
ⓘ
firewalls blocking ESP ⓘ firewalls blocking IKE ⓘ firewalls blocking UDP encapsulated IPsec ⓘ |
| alternativeTo |
IPsec over UDP
ⓘ
NAT-T (UDP encapsulation for IPsec) NERFINISHED ⓘ |
| canBypass | firewalls that only allow outbound HTTPS-like traffic ⓘ |
| canComplicate | traffic inspection by middleboxes ⓘ |
| canUsePort | custom TCP port ⓘ |
| compatibleWith |
NAT devices that block ESP
ⓘ
stateful firewalls allowing only TCP ⓘ |
| configurationOptionIn | some commercial VPN products ⓘ |
| deploymentConsideration |
may be disabled by security policy due to obfuscation
ⓘ
must be enabled on both client and gateway ⓘ |
| encapsulatedWithin | TCP ⓘ |
| encapsulates |
ESP packets
ⓘ
IKE traffic ⓘ |
| encapsulationDirection | IPsec inside TCP ⓘ |
| goal | improve IPsec connectivity in hostile network environments ⓘ |
| hasPurpose |
traversing NAT devices
ⓘ
traversing restrictive firewalls ⓘ |
| improves | traversal through HTTP proxies when using TCP 443 ⓘ |
| isTransport | reliable byte-stream for IPsec packets ⓘ |
| layer | transport layer encapsulation ⓘ |
| mayCause | head-of-line blocking for encapsulated IPsec traffic ⓘ |
| mayImpact |
latency
ⓘ
throughput ⓘ |
| operatesOver |
IPv4
ⓘ
IPv6 ⓘ |
| relatedConcept |
SSL VPN
NERFINISHED
ⓘ
VPN over HTTPS ⓘ tunneling through restrictive networks ⓘ |
| requires |
IPsec-capable VPN client
ⓘ
IPsec-capable VPN gateway ⓘ TCP session establishment before IPsec traffic ⓘ |
| requiresConfiguration |
TCP port selection on VPN gateway
ⓘ
matching TCP port on VPN client ⓘ |
| securityProperty | preserves IPsec encryption and authentication semantics ⓘ |
| tradeOff |
increased overhead compared to native IPsec
ⓘ
potential TCP-over-TCP performance issues ⓘ |
| typicalTCPPort |
10000
ⓘ
443 ⓘ |
| usedIn |
enterprise VPN deployments
ⓘ
remote access VPNs ⓘ |
| usesProtocol | IPsec NERFINISHED ⓘ |
| visibilityToMiddleboxes | appears as generic TCP traffic ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: IPsec over TCP Description of subject: IPsec over TCP is a method of encapsulating IPsec traffic within TCP packets to traverse restrictive firewalls and NAT devices that block traditional IPsec protocols.
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.