RFC 4891: Using IPsec to Secure IPv6-in-IPv4 Tunnel...
RFC-Ref

NAT



... Network Address Translation (NAT) traversal works with both the old and revised IPsec architectures ...


... destination port 500 and possibly also port 4500 if NAT traversal is used. The packet format ...


... SPD). The NAT traversal mechanism provided by IKEv2 introduces some weaknesses into IKE ...


... Aboba, B. and W. Dixon, "IPsec-Network Address Translation (NAT) Compatibility Requirements", RFC 3715 ...


... destination port 500 and possibly also port 4500 if NAT traversal is used. The IDci and IDcr payloads ...


... B.2. NAT Traversal and Mobility ...
... requirements of IPsec-protected data traffic traversing a NAT is provided in [RFC3715]. ...
... IKEv2 can detect the presence of a NAT automatically by sending NAT_DETECTION_SOURCE_IP ...
... IKEv2 can detect the presence of a NAT automatically by sending NAT_DETECTION_SOURCE_IP and NAT_DETECTION_DESTINATION ...
... NAT_DETECTION_SOURCE_IP and NAT_DETECTION_DESTINATION_IP payloads ...
... payloads in the initial IKE_SA_INIT exchange. Once a NAT is detected and both endpoints support IPsec ...
... endpoints support IPsec NAT traversal extensions, UDP encapsulation ...
... For IPv6-in-IPv4 tunneling, NAT traversal is interesting for two reasons: ...
... 1. One of the tunnel endpoints is often behind a NAT, and configured tunneling, using protocol ...
... tunneling, using protocol 41, is not guaranteed to traverse the NAT. Hence, using IPsec tunnels would enable one to set up both ...
... tunneling mechanisms. 2. Using NAT traversal allows the outer address to change without having to renegotiate the SAs ...
... having to renegotiate the SAs. This could be beneficial for a crude form of mobility and in scenarios where the NAT changes the IP addresses frequently. However, as the outer address ...
... tunnel mode would be most appropriate. When NAT is not applied, the second benefit would still be desirable. In particular, using manually configured tunneling is an operational ...


