Implementing NAT And NAT-T

RFC 1631

1. Static NAT

– allows a public host to communicate with a private host by creating a static one-to-one IP translation entry

2. Dynamic NAT

– a pool of available addresses is assigned to private hosts for internet access on an ad-hoc basis by creating a dynamic one-to-one IP translation entry

3. NAPT (PAT)

– NAT overloading, whereby a single IP is shared by multiple private hosts for internet access on an ad-hoc basis by creating a dynamic one-to-one IP and TCP/UDP port translation entry
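To make the difference between the three modes concrete, here is an added toy translation table (example code, not from the original post) with constructed addresses: a static entry is always present and reachable from outside, dynamic entries are handed out from a pool as hosts go out, and once the pool is empty further hosts are overloaded onto one public IP with a per-flow port.

```python
from dataclasses import dataclass, field

@dataclass
class NatTable:
    """Toy model of a NAT device's translation table (constructed example)."""
    public_ip: str                                   # address shared under NAPT/PAT
    pool: list = field(default_factory=list)         # free addresses for dynamic NAT
    static: dict = field(default_factory=dict)       # private_ip -> public_ip, one-to-one
    dynamic: dict = field(default_factory=dict)      # private_ip -> public_ip, created on demand
    pat: dict = field(default_factory=dict)          # (private_ip, port) -> public port
    next_port: int = 1024                            # next free public port for PAT

    def outbound(self, src_ip, src_port):
        """Translate a private (ip, port) into what the internet sees."""
        if src_ip in self.static:                    # 1. static NAT: fixed 1:1 mapping
            return self.static[src_ip], src_port
        if src_ip in self.dynamic:                   # 2. dynamic NAT: reuse existing entry
            return self.dynamic[src_ip], src_port
        if self.pool:                                #    ... or allocate one from the pool
            self.dynamic[src_ip] = self.pool.pop(0)
            return self.dynamic[src_ip], src_port
        key = (src_ip, src_port)                     # 3. NAPT: share public_ip, map the port
        if key not in self.pat:
            if self.next_port > 65535:
                raise RuntimeError("PAT port range exhausted")
            self.pat[key] = self.next_port
            self.next_port += 1
        return self.public_ip, self.pat[key]

    def inbound(self, dst_ip, dst_port):
        """Reverse lookup for a packet from the internet; None means drop (no entry)."""
        for priv, pub in self.static.items():        # static: reachable even unsolicited
            if pub == dst_ip:
                return priv, dst_port
        for priv, pub in self.dynamic.items():       # dynamic: only while an entry exists
            if pub == dst_ip:
                return priv, dst_port
        if dst_ip == self.public_ip:                 # PAT: port decides the private host
            for (priv_ip, priv_port), pub_port in self.pat.items():
                if pub_port == dst_port:
                    return priv_ip, priv_port
        return None
```

Unsolicited inbound traffic only gets through for the static entry; anything else without a matching entry is dropped, which is the (incidental) filtering effect people rely on.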

NAT-T operates on the client and allows IPSec peers to connect through a NAT device by encapsulating IPSec traffic in UDP datagrams on port 4500. NAT-T auto-detects NAT devices and allows the client to learn its external IP so that it can configure port mappings to forward packets from the external port of the NAT to the internal port used by the application. It is performed as part of IKE phase 2 and is transparent to the user, though some configuration may be required on the device the client connects to (router, firewall, concentrator, etc.) to identify whether TCP or UDP is used.
