What is NAT-T ?

NAT-T (NAT Transversal) allows for IP-ESP packets to transverse devices which introduce NAT.
The problem with IPSec is that it uses the IP-ESP protocol naively. The ESP protocol doesn't have "port-numbers" like TCP and UDP so NAT does not know how to translate the traffic because NAT/PAT is based on port numbers.

With NAT-T the ESP packets are encapsulated within UDP packets (normally UDP/4500). Now that the packets are UDP based the NAT device can correctly NAT the traffic due to being to change the port numbers due to having the required packet headers.

About the Author


R Donato

Rick Donato is the Founder and Chief Editor of He currently works as an SDN/NFV Solutions Architect and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001