What is NAT-T?

NAT-T (NAT Traversal) allows IP-ESP packets to traverse devices that perform NAT.
The problem with IPsec is that it uses the IP-ESP protocol natively. ESP doesn't have port numbers like TCP and UDP do, so a NAT device does not know how to translate the traffic, because NAT/PAT is based on port numbers.

With NAT-T the ESP packets are encapsulated within UDP packets (normally UDP/4500). Because the packets are now UDP-based, the NAT device can translate the traffic correctly: the UDP header gives it the port numbers it needs to rewrite.
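The encapsulation described above, as an added example that is not part of the original page: it wraps an ESP packet in a UDP header, rewrites the source port the way a PAT device would, and shows that the ESP fields arrive unchanged. It goes slightly beyond the text by also classifying the other two payload types RFC 3948 defines on UDP/4500 (IKE behind a four-zero-byte non-ESP marker, and the one-byte 0xFF NAT keepalive). The function names, SPI, ports and payload bytes are constructed for illustration.

```python
import struct

NAT_T_PORT = 4500  # UDP port the page names for NAT-T

def udp_encap_esp(src_port, spi, seq, ciphertext):
    """Wrap an ESP packet (SPI, sequence number, opaque payload) in a UDP header."""
    esp = struct.pack("!II", spi, seq) + ciphertext
    # UDP header: source port, destination port, length, checksum (sent as 0 here)
    return struct.pack("!HHHH", src_port, NAT_T_PORT, 8 + len(esp), 0) + esp

def nat_rewrite_source_port(datagram, new_port):
    """What a PAT device does: replace the source port, leave the payload alone."""
    return struct.pack("!H", new_port) + datagram[2:]

def classify(datagram):
    """Classify a UDP/4500 datagram using the RFC 3948 payload rules."""
    src, _dst, length, _csum = struct.unpack("!HHHH", datagram[:8])
    payload = datagram[8:length]
    if payload == b"\xff":
        return {"type": "nat-keepalive", "src_port": src}
    if len(payload) < 8:
        return {"type": "malformed", "src_port": src}
    if payload[:4] == b"\x00\x00\x00\x00":
        # Non-ESP marker: an ESP SPI is never zero, so this is IKE
        return {"type": "ike", "src_port": src}
    spi, seq = struct.unpack("!II", payload[:8])
    return {"type": "esp", "src_port": src, "spi": spi, "seq": seq}

if __name__ == "__main__":
    # Constructed sample: SPI, sequence number and "ciphertext" are made up
    original = udp_encap_esp(4500, 0xC0FFEE01, 7, b"\xaa" * 16)
    translated = nat_rewrite_source_port(original, 61001)
    print(classify(original))
    print(classify(translated))
    # Only the UDP source port differs; the ESP bytes are identical
    print(original[8:] == translated[8:])
```

Bare ESP has no such field for the NAT device to rewrite, which is why the UDP wrapper is needed.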

