What is NAT-T?

NAT-T (NAT Traversal) allows IP-ESP packets to traverse devices that perform NAT.
The problem with IPSec is that it uses the IP-ESP protocol natively. The ESP protocol doesn't have "port numbers" like TCP and UDP, so NAT does not know how to translate the traffic, because NAT/PAT is based on port numbers.

With NAT-T, the ESP packets are encapsulated within UDP packets (normally UDP/4500). Because the packets are now UDP based, they carry the required packet headers, and the NAT device can correctly NAT the traffic by changing the port numbers.
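
The encapsulation described above, as an added example that is not part of the original article: it wraps a constructed ESP packet in UDP/4500, simulates a PAT device rewriting the source port, and classifies what the UDP payload carries. The classification rules (a single 0xFF byte as a keepalive, four zero bytes marking IKE) come from RFC 3948 rather than this page, and all function names are hypothetical.

```python
import struct

NAT_T_PORT = 4500  # UDP port the article names as the usual NAT-T port

def build_udp(src_port, dst_port, payload):
    """UDP header + payload; checksum 0, which RFC 3948 allows over IPv4."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload

def encapsulate_esp(esp_packet, src_port=NAT_T_PORT, dst_port=NAT_T_PORT):
    """Wrap a raw ESP packet in UDP so a NAT/PAT device has ports to rewrite."""
    return build_udp(src_port, dst_port, esp_packet)

def pat_rewrite(udp_datagram, new_src_port):
    """Simulate PAT: only the UDP source port changes, the ESP bytes do not."""
    return struct.pack("!H", new_src_port) + udp_datagram[2:]

def classify_nat_t(udp_datagram):
    """Classify a UDP datagram's payload following RFC 3948 (assumed rules)."""
    if len(udp_datagram) < 8:
        raise ValueError("truncated UDP header")
    src, dst, length, _csum = struct.unpack("!HHHH", udp_datagram[:8])
    if length < 8 or length > len(udp_datagram):
        raise ValueError("bad UDP length field")
    payload = udp_datagram[8:length]
    info = {"src_port": src, "dst_port": dst}
    if NAT_T_PORT not in (src, dst):
        info["kind"] = "not-nat-t"
    elif payload == b"\xff":
        info["kind"] = "nat-keepalive"        # keeps the NAT mapping alive
    elif payload[:4] == b"\x00" * 4:
        info["kind"] = "ike"                  # non-ESP marker precedes IKE
    elif len(payload) >= 8:
        spi, seq = struct.unpack("!II", payload[:8])
        info.update(kind="esp", spi=spi, seq=seq)  # ESP SPI is never zero
    else:
        info["kind"] = "malformed"
    return info

# Constructed sample: ESP header (SPI, sequence number) + stand-in ciphertext
SAMPLE_ESP = struct.pack("!II", 0xC0FFEE01, 7) + b"\x11" * 16

if __name__ == "__main__":
    before = encapsulate_esp(SAMPLE_ESP)
    after = pat_rewrite(before, 61234)        # constructed translated port
    print(classify_nat_t(before))
    print(classify_nat_t(after))
```
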

Rick Donato
