[Vpn-help] How does NAT-T really works?

Matthew Grooms mgrooms at shrew.net
Fri Nov 21 07:52:48 CST 2008


Stefan Bauer wrote:
> Hi Matthew,
> 
> i'm still confused, how nat-t really works. I've seen setups, where a
> single client can made up roadwarrior connections to his company
> through a nat without nat-t. Is there any _good!_ and _easy_
> documentation how a ipsec association works with nat-t? I'm looking
> for something detailed like:
> 
> Client sends first package with destination-port 500 to ipsec-server.
> ipsec server answers to package ....
> 
> Probably you get this questions asked often, but i'm really trying to
> understand this in principle. I appreciate your help.
> 

There are two RFCs that describes the process in detail. One covers 
negotiation of NAT-Traversal and the other describes the UDP encapsulation.

http://tools.ietf.org/html/rfc3947
http://tools.ietf.org/html/rfc3948

Thanks,

-Matthew



More information about the vpn-help mailing list