Overview of NAT-T feature

NAT-T (Network Address Translation Traversal) is a feature of IPSec VPN that allows two endpoints to communicate with each other even if they are behind a NAT device. It works by encapsulating the IPSec packets in UDP pack...
jeetintyagi.hashnode.dev | 3 min read
Hi all, I have a query. If NAT-T is disabled and we have a NAT device in between, would the tunnel come up or not? Also, up to how many messages will negotiations happen?
Jitin Tyagi
CCNA 200-301 | CCNP ENCOR | CCNP SCOR | CCIE Security
Phase 2 / Data Plane is the Absolute Blocker

Even if Phase 1 somehow succeeds, ESP (IP Protocol 50) cannot be NATted:

- ESP has no TCP/UDP port numbers — NAT has nothing to track/translate
- The NAT device will drop ESP packets silently
- No data will flow; the tunnel stays non-functional
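
The point made in the reply above, as an added example that is not part of the original post or its comments: native ESP starts with an SPI rather than a port pair, while NAT-T wraps the same ESP bytes in a UDP/4500 header that a port-translating NAT can track. The framing follows RFC 3948; the function names and the sample SPI and payload are constructed for illustration.

```python
import struct

NATT_PORT = 4500                      # UDP port used for NAT-T (RFC 3948)
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # four zero octets precede IKE on UDP/4500
NAT_KEEPALIVE = b"\xff"               # one-octet NAT keepalive payload

def esp_packet(spi, seq, ciphertext):
    """ESP header: 32-bit SPI, 32-bit sequence number, then protected payload."""
    if spi == 0:
        raise ValueError("SPI 0 would be mistaken for the non-ESP marker")
    return struct.pack("!II", spi, seq) + ciphertext

def udp_encapsulate(payload, sport=NATT_PORT, dport=NATT_PORT):
    """Prefix an 8-byte UDP header (checksum 0, as RFC 3948 allows for IPv4)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def pat_flow_key(ip_proto, l4_bytes):
    """Port pair a port-translating NAT can key on; None when there is none."""
    if ip_proto == 17:                # UDP: first four octets are the ports
        return struct.unpack("!HH", l4_bytes[:4])
    return None                       # ESP (50): first four octets are the SPI

def classify_natt(udp_datagram):
    """Demultiplex a UDP/4500 datagram into keepalive, IKE or ESP."""
    if len(udp_datagram) < 8:
        return ("malformed", None, None, None)
    sport, dport, length, _cksum = struct.unpack("!HHHH", udp_datagram[:8])
    body = udp_datagram[8:length]
    if body == NAT_KEEPALIVE:
        return ("keepalive", sport, dport, None)
    if body[:4] == NON_ESP_MARKER:
        return ("ike", sport, dport, None)
    if len(body) < 8:
        return ("malformed", sport, dport, None)
    spi, _seq = struct.unpack("!II", body[:8])
    return ("esp", sport, dport, spi)

if __name__ == "__main__":
    # Constructed sample: one ESP packet, first native, then NAT-T encapsulated.
    esp = esp_packet(0x1234ABCD, 1, b"\xaa" * 16)
    print("native ESP flow key :", pat_flow_key(50, esp))
    wrapped = udp_encapsulate(esp)
    print("NAT-T flow key      :", pat_flow_key(17, wrapped))
    print("NAT-T classification:", classify_natt(wrapped))
```
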