NAT Traversal Tutorial - IPSec Over NAT

Uploaded by

Narendra Pattanayak

0% found this document useful (0 votes)

69 views1 page

NAT

Copyright

Available Formats

PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

NAT

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

69 views1 page

NAT Traversal Tutorial - IPSec Over NAT

Uploaded by

Narendra Pattanayak

NAT

Copyright:

Available Formats

Download as PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 1

Search inside document

5/29/2017 NATTraversaltutorialIPSecoverNAT

NATTraversaltutorialIPSecoverNAT

NATT(NATTraversal)
NatTraversalalsoknownasUDPencapsulationallowstraffictogettothespecified
destinationwhenadevicedoesnothaveapublicaddress.Thisisusuallythecaseifyour
ISPisdoingNAT,ortheexternalinterfaceofyourfirewallisconnectedtoadevicethat
hasNATenabled.

AswellasIPSecprovidingconfidentiality,italsoprovidesauthenticityandintegrity.Now
theproblemiswhenaNATdevicedoesitsNATtranslations,theembeddedaddressof
thesourcecomputerwithintheIPpayloaddoesnotmatchthesourceaddressoftheIKE
packetasitisreplacedbytheaddressoftheNATdevice.Thismeansbreakingthe
authenticitywhichwillcausethepacketbytheremotepeertobedropped.Sowhenthe
NATdevicealtersthepacket,it'sintegrityandauthenticationwillfail.

Alsoinsomecasesdependingonthelevelofencryption,thepayloadandinparticular
theheadersareencryptedwhenusingIPSecESPmode.TheNATdevicecannotchange
theseencryptedheaderstoitsownaddresses,ordoanythingwiththem.

TheNATdeviceinthemiddlebreakstheauthenticity,integrityandinsomecasescan
notdoanythingatallwiththepacket.ItisclearNATandIPSecareincompatiblewith
eachother,andtoresolvethisNATTraversalwasdeveloped.NATTraversaladdsaUDP
headerwhichencapsulatestheIPSecESPheader.AsthisnewUDPwrapperisNOT
encryptedandistreatedasjustlikeanormalUDPpacket,theNATdevicecanmakethe
requiredchangesandprocessthemessage,whichwouldnowcircumventtheabove
problems.AlsoenablingNatTraversalonthegatewaysresolvestheproblemwiththe
authenticityandintegritychecksaswell,astheyarenowawareofthesechanges.

Duringphase1,ifNATTraversalisused,oneorbothpeer'sidentifytoeachotherthat
theyareusingNATTraversal,thentheIKEnegotiationsswitchtousingUDPport4500.
AfterthisthedataissentandhandledusingIPSecoverUDP,whichiseffectivelyNAT
Traversal.ThereceivingpeerfirstunwrapstheIPSecpacketfromitsUDPwrapper(the
NATTraversalpartthatoccurredatthesendingpeerend)andthenprocessesthetraffic
asastandardIPSecpacket.

ThreeportsinparticularmustbeopenonthedevicethatisdoingNATforyourVPNto
workcorrectly.TheseareUDPport4500(usedforNATtraversal),UDPport500(used
forIKE)andIPprotocol50(ESP).

HowevertheultimatefixtothisistouseapublicIPaddressonyourfirewallsexternal
interface.Thisisalsotherecommendedmethod,andwilleliminatetheuseofNATT.

http://www.internetcomputersecurity.com/VPNGuide/NATT.html 1/1

MPLS-Enabled Applications: Emerging Developments and New Technologies
From Everand
MPLS-Enabled Applications: Emerging Developments and New Technologies
Ina Minei
Rating: 4 out of 5 stars
4/5 (4)
Nokia Firewall, VPN, and IPSO Configuration Guide
From Everand
Nokia Firewall, VPN, and IPSO Configuration Guide
Andrew Hay
No ratings yet
IPv6 Socket API Extensions: Programmer's Guide
From Everand
IPv6 Socket API Extensions: Programmer's Guide
Qing Li
No ratings yet
The Fast-Track Guide to VXLAN BGP EVPN Fabrics: Implement Today’s Multi-Tenant Software-Defined Networks
From Everand
The Fast-Track Guide to VXLAN BGP EVPN Fabrics: Implement Today’s Multi-Tenant Software-Defined Networks
Rene Cardona
No ratings yet
Automatic NAT Traversal For IPsec Tunneling Between Cisco Meraki Peers
Document5 pages
Automatic NAT Traversal For IPsec Tunneling Between Cisco Meraki Peers
tadeu melo
No ratings yet
A Multi-Link Aggregate IPSec Model
Document5 pages
A Multi-Link Aggregate IPSec Model
aksssudhakar
No ratings yet
Cisco IP Security Troubleshooting Understanding and Using Debug Commands
Document14 pages
Cisco IP Security Troubleshooting Understanding and Using Debug Commands
Raj Karan
No ratings yet
CCIE Security V4 Tech Labs Sec 7 VRF IPsec
Document4 pages
CCIE Security V4 Tech Labs Sec 7 VRF IPsec
Umair Alam
No ratings yet
Firewall and NAT Guide
Document41 pages
Firewall and NAT Guide
abbass512
No ratings yet
Configuring Route Based IPSec With Overlapping Networks
Document13 pages
Configuring Route Based IPSec With Overlapping Networks
Ryanb378
No ratings yet
Firewall Lab
Document3 pages
Firewall Lab
Kevin Cleaner
No ratings yet
NM - 18 SNMP Cisco Traps
Document70 pages
NM - 18 SNMP Cisco Traps
yusuf shaban
No ratings yet
IPSec Basics Handouts
Document20 pages
IPSec Basics Handouts
Jame Jame
No ratings yet
Difference Between IKEv1 and IKEv2
Document3 pages
Difference Between IKEv1 and IKEv2
Tzvika Shechori
No ratings yet
Carrier Grade NAT - TEC Study Paper-Ver2
Document17 pages
Carrier Grade NAT - TEC Study Paper-Ver2
Pravesh Kumar Thakur
No ratings yet
Fortigate Traffic Shaping 40 mr2 PDF
Document56 pages
Fortigate Traffic Shaping 40 mr2 PDF
Ragil Miseno
No ratings yet
The Comparison of Network Simulators For SDN
Document12 pages
The Comparison of Network Simulators For SDN
Alejandro Sanchez Lopez
No ratings yet
GNS3 Getting Started Guide
Document87 pages
GNS3 Getting Started Guide
Jay
No ratings yet
NAT Practice With BGP and PBR: Lab Topology
Document6 pages
NAT Practice With BGP and PBR: Lab Topology
Aye Kyaw
No ratings yet
Project 2 NAT
Document3 pages
Project 2 NAT
Huma Khan
No ratings yet
IKEv2 Protocol: Securing VPNs with Fewer Messages
Document10 pages
IKEv2 Protocol: Securing VPNs with Fewer Messages
Prashant Tiwari
No ratings yet
Cisco Live PFR
Document93 pages
Cisco Live PFR
jtutokey
No ratings yet
Understanding FabricPath - Data Center and Network Technobabble
Document4 pages
Understanding FabricPath - Data Center and Network Technobabble
tor
No ratings yet
PaloAloto Interview Question and Answers
Document18 pages
PaloAloto Interview Question and Answers
MahmoudAbdElGhani
No ratings yet
Linux Lab 21 Firewall Definitions
Document1 page
Linux Lab 21 Firewall Definitions
smile4ever54
100% (1)
E2e MPLS Architectures Alu PDF
Document17 pages
E2e MPLS Architectures Alu PDF
Tommy
No ratings yet
IPsec VPN Penetration Testing With BackTrack Tools
Document6 pages
IPsec VPN Penetration Testing With BackTrack Tools
ksenthil77
No ratings yet
IEATC-SPv3 Part 04 MPLS
Document15 pages
IEATC-SPv3 Part 04 MPLS
Umair Alam
No ratings yet
Performance Routing PFR
Document28 pages
Performance Routing PFR
rockerptit
No ratings yet
Broadband Subscriber Services Feature Guide - 14.2
Document856 pages
Broadband Subscriber Services Feature Guide - 14.2
openid_dr4OPAdE
No ratings yet
Discover and Reconcile Pre-Existing L2VPN Services
Document57 pages
Discover and Reconcile Pre-Existing L2VPN Services
Ala Jebnoun
No ratings yet
IPsec VPN Topologies and Design Considerations With Use Cases-5
Document267 pages
IPsec VPN Topologies and Design Considerations With Use Cases-5
junostik
No ratings yet
What H 323 TCP UDP Ports Are Needed or Used by Polycom Video and Network Products
Document4 pages
What H 323 TCP UDP Ports Are Needed or Used by Polycom Video and Network Products
voodoo_028
No ratings yet
IPSec Lab Guide for Transport and Tunnel Modes
Document6 pages
IPSec Lab Guide for Transport and Tunnel Modes
mehdi13994
No ratings yet
Network Engineer Interview Questions
Document4 pages
Network Engineer Interview Questions
mmihir82
100% (1)
James F Durkin Voice-Enabling The Data Network PDF
Document226 pages
James F Durkin Voice-Enabling The Data Network PDF
Jose Leonardo Simancas Garcia
No ratings yet
Hari Krishna Raju Kanekal Nomus Comm-Systems
Document155 pages
Hari Krishna Raju Kanekal Nomus Comm-Systems
harikrishna242424
No ratings yet
Extra Notes On IPsec VPNs
Document21 pages
Extra Notes On IPsec VPNs
Alex Moh
No ratings yet
Linux QoS (Save)
Document18 pages
Linux QoS (Save)
JC JC
No ratings yet
Site To Site IPSEC VPN Troubleshooting - Imp
Document8 pages
Site To Site IPSEC VPN Troubleshooting - Imp
Asif
No ratings yet
4.4.1.1 Lab - Configuring Zone-Based Policy Firewalls - Instructor
Document35 pages
4.4.1.1 Lab - Configuring Zone-Based Policy Firewalls - Instructor
Lupita Vázquez
No ratings yet
Mpls Cisco
Document240 pages
Mpls Cisco
jdns85
No ratings yet
CheckPoint Firewall Interview Questions
Document4 pages
CheckPoint Firewall Interview Questions
Moe Kaungkin
No ratings yet
Qos SRND Book
Document328 pages
Qos SRND Book
Vinitri Leal
No ratings yet
Server 2008 NAT Network Address Translation
Document12 pages
Server 2008 NAT Network Address Translation
Paul
100% (1)
Ipv 6
Document411 pages
Ipv 6
Gopikrishnan Radhakrishnan
No ratings yet
OSPFv 3
Document22 pages
OSPFv 3
pjurbina
No ratings yet
Open Transceivers Presentation
Document24 pages
Open Transceivers Presentation
Nathan
No ratings yet
Layer 3 Leaf-Spine - Arista ATD 1 Documentation - Arista
Document5 pages
Layer 3 Leaf-Spine - Arista ATD 1 Documentation - Arista
danduvis89
No ratings yet
Software Defined Cities - The Next Generation For Smart Cities Networks - Yaniv Aviram - Avaya - Smart City 2015
Document36 pages
Software Defined Cities - The Next Generation For Smart Cities Networks - Yaniv Aviram - Avaya - Smart City 2015
Logtel
No ratings yet
7570 Alarms Dictionary 3bl77057acbarkzza 04 en
Document245 pages
7570 Alarms Dictionary 3bl77057acbarkzza 04 en
Patrick Dzeidzorm
No ratings yet
Ntop Users Meeting Sharkfest 2016 (Ntopng)
Document53 pages
Ntop Users Meeting Sharkfest 2016 (Ntopng)
Azhar Mohd Ghazali
No ratings yet
Firewall Interview Questions Asa
Document3 pages
Firewall Interview Questions Asa
Rakesh Rakee
0% (1)
Checkpoint Firewall Interview Question and Answer Part 1
Document4 pages
Checkpoint Firewall Interview Question and Answer Part 1
Files Down
No ratings yet
Asr9k Multicast Troubleshooting External
Document25 pages
Asr9k Multicast Troubleshooting External
surge031
No ratings yet
Lab5 Effectively Using Suricata
Document29 pages
Lab5 Effectively Using Suricata
Saw Gyi
No ratings yet
Implementing Virtual Routing and Forwarding VRF On Cisco Nexus Data Center
Document8 pages
Implementing Virtual Routing and Forwarding VRF On Cisco Nexus Data Center
zxcd
No ratings yet
Windows Log-Md Att&Ck Cheat Sheet - Win 7 - Win 2012: Definitions
Document17 pages
Windows Log-Md Att&Ck Cheat Sheet - Win 7 - Win 2012: Definitions
JWilh
No ratings yet
DAI (Dynamic ARP Inspection)
Document11 pages
DAI (Dynamic ARP Inspection)
mandijnns1
100% (1)
Checkpoint Packet Flow
Document3 pages
Checkpoint Packet Flow
SurajKumar
No ratings yet
MCQ Chemical Reaction1
Document4 pages
MCQ Chemical Reaction1
Narendra Pattanayak
No ratings yet
Mind Map: Project Management Professional
Document5 pages
Mind Map: Project Management Professional
MondherBelaid
100% (1)
NCERT Class 10 Scince Chapter 1 Chemical Reactions and Equations MCQ's
Document4 pages
NCERT Class 10 Scince Chapter 1 Chemical Reactions and Equations MCQ's
Narendra Pattanayak
No ratings yet
How 4G LTE Achieves Peak Download Speeds of 100 Mbps
Document14 pages
How 4G LTE Achieves Peak Download Speeds of 100 Mbps
Narendra Pattanayak
No ratings yet
SDM
Document20 pages
SDM
Narendra Pattanayak
No ratings yet
F5 App Traffic MGMT
Document69 pages
F5 App Traffic MGMT
adityanandwani
No ratings yet
Internet Engineering Course: Network Design
Document26 pages
Internet Engineering Course: Network Design
Narendra Pattanayak
No ratings yet
Mind Map: Project Management Professional
Document5 pages
Mind Map: Project Management Professional
MondherBelaid
100% (1)
LTE 4G Mobile Broadband Technology Summary
Document16 pages
LTE 4G Mobile Broadband Technology Summary
Narendra Pattanayak
No ratings yet
Control Command For Microwave Link Acknowledgment and Its Troubleshooting Strategy
Document3 pages
Control Command For Microwave Link Acknowledgment and Its Troubleshooting Strategy
Narendra Pattanayak
No ratings yet
Sukanya Samriddhi Vs PPF
Document1 page
Sukanya Samriddhi Vs PPF
Narendra Pattanayak
No ratings yet
Microwave NEC Whitepaper PDF
Document10 pages
Microwave NEC Whitepaper PDF
tauraimukumba
No ratings yet
Aruba in Ten Minutes
Document7 pages
Aruba in Ten Minutes
Narendra Pattanayak
No ratings yet
Complete Lab Manual For CCNP PDF
Document315 pages
Complete Lab Manual For CCNP PDF
toto161616
100% (2)
E1 Tester
Document12 pages
E1 Tester
Narendra Pattanayak
No ratings yet
Ee101 DGTL 5
Document150 pages
Ee101 DGTL 5
Narendra Pattanayak
No ratings yet
QNS SW
Document2 pages
QNS SW
Narendra Pattanayak
No ratings yet
Aruba in Ten Minutes
Document7 pages
Aruba in Ten Minutes
Narendra Pattanayak
No ratings yet
Careers - Netcon Technologies
Document2 pages
Careers - Netcon Technologies
Narendra Pattanayak
No ratings yet
Microwave NEC Whitepaper PDF
Document10 pages
Microwave NEC Whitepaper PDF
tauraimukumba
No ratings yet
Chapter 4: Cabling: What Is Network Cabling?
Document6 pages
Chapter 4: Cabling: What Is Network Cabling?
Narendra Pattanayak
No ratings yet
Microwave NEC Whitepaper PDF
Document10 pages
Microwave NEC Whitepaper PDF
tauraimukumba
No ratings yet
3.2.2.4 Lab - Troubleshooting EtherChannel
Document7 pages
3.2.2.4 Lab - Troubleshooting EtherChannel
okirere
No ratings yet
Advanced-Security-WB-V I November 13, 2010
Document694 pages
Advanced-Security-WB-V I November 13, 2010
Narendra Pattanayak
No ratings yet
ASA Packet Flow PDF
Document3 pages
ASA Packet Flow PDF
Narendra Pattanayak
No ratings yet
Troubleshooting Basics
Document9 pages
Troubleshooting Basics
Narendra Pattanayak
No ratings yet
Cheat-Sheet For Troubleshooting On Cisco 3750 Switches.
Document2 pages
Cheat-Sheet For Troubleshooting On Cisco 3750 Switches.
Narendra Pattanayak
No ratings yet
Top 100 Networking Interview Questions & Answers
Document16 pages
Top 100 Networking Interview Questions & Answers
Narendra Pattanayak
No ratings yet
How To Resolve EIGRP Issues
Document1 page
How To Resolve EIGRP Issues
Narendra Pattanayak
No ratings yet
OSPF Neighbor Problems Explained - Cisco
Document7 pages
OSPF Neighbor Problems Explained - Cisco
Narendra Pattanayak
No ratings yet
Geometry m2 Topic C Lesson 12 Teacher
Document14 pages
Geometry m2 Topic C Lesson 12 Teacher
Mae Roh
No ratings yet
Unit Operations Guide for Chemical Engineering Separations
Document38 pages
Unit Operations Guide for Chemical Engineering Separations
Renu Sekaran
No ratings yet
DECKSLAB
Document23 pages
DECKSLAB
Civil Guy
No ratings yet
Physics 157 Homework 5 Thermodynamics Skills
Document5 pages
Physics 157 Homework 5 Thermodynamics Skills
Sherin Hamid
No ratings yet
CAPE Chemistry Data Booklet
Document5 pages
CAPE Chemistry Data Booklet
Anvitha Panyam
No ratings yet
Lab 4 Exercise: Data sources and calculated columns
Document4 pages
Lab 4 Exercise: Data sources and calculated columns
SITI FATIMAH AMALINA ABDUL RAZAK
No ratings yet
Stats Form 4
Document35 pages
Stats Form 4
kirin19
100% (2)
Suffah Academy
Document3 pages
Suffah Academy
Mian Haroon Sahil
No ratings yet
Mass Balance
Document20 pages
Mass Balance
Bhaskar Bethi
No ratings yet
17 PCS ResourceGuide Full Final1 PDF
Document68 pages
17 PCS ResourceGuide Full Final1 PDF
Mako Zoltan
No ratings yet
Case 850K XLT - WT - LGP Crawler Dozer 04 PDF
Document4 pages
Case 850K XLT - WT - LGP Crawler Dozer 04 PDF
Eli Ehmedli
No ratings yet
P6
Document33 pages
P6
adaptive4u4527
No ratings yet
SQL Injection: Understanding and Mitigation Techniques
Document37 pages
SQL Injection: Understanding and Mitigation Techniques
Shimelis Abera
No ratings yet
Stiffness Matrix Method
Document102 pages
Stiffness Matrix Method
Akash Paudel
No ratings yet
Static Equipment Installation Specification
Document17 pages
Static Equipment Installation Specification
onur gunes
100% (2)
Halo Carro PDF
Document5 pages
Halo Carro PDF
Rege Punk
No ratings yet
Polarity and Intermolecular Forces
Document59 pages
Polarity and Intermolecular Forces
Antonio Louis Llarena
No ratings yet
Calculation of Displacement, LWT and DWT
Document18 pages
Calculation of Displacement, LWT and DWT
M.Neuer
91% (45)
Noise, Nonlinear Distortion and System Parameters
Document200 pages
Noise, Nonlinear Distortion and System Parameters
Khang Nguyen
0% (1)
Daily Lesson Plan in Mathematics
Document5 pages
Daily Lesson Plan in Mathematics
Alyana Joy Ariban
No ratings yet
Design Pattern - Service Provider Interface (SPI)
Document2 pages
Design Pattern - Service Provider Interface (SPI)
dbawane7
No ratings yet
PGCRSM-01-BLOCK-03 Research Design Experimental
Document29 pages
PGCRSM-01-BLOCK-03 Research Design Experimental
Vijilan Parayil Vijayan
No ratings yet
Concrete Cube Failure - Acceptance Criteria and IS Code
Document5 pages
Concrete Cube Failure - Acceptance Criteria and IS Code
Raghavan AR
No ratings yet
Analyzing Java OutOfMemory Problems With IBM Heapdump Facility
Document10 pages
Analyzing Java OutOfMemory Problems With IBM Heapdump Facility
Narendra Choudary
No ratings yet
Mean From A Table3
Document1 page
Mean From A Table3
Duvall McGregor
No ratings yet
IO2654 - F11 - 2013 - WDM Management PDF
Document23 pages
IO2654 - F11 - 2013 - WDM Management PDF
Klaudio Marko
No ratings yet
Sri Lankan Mathematics Competition 2018 April 7, 2018 10:30 Am - 12 Noon
Document4 pages
Sri Lankan Mathematics Competition 2018 April 7, 2018 10:30 Am - 12 Noon
V.Nawaneethakrishnan
No ratings yet
Butterfly Effects PDF
Document3 pages
Butterfly Effects PDF
pablofaure1
No ratings yet
Ggeo 5 Manual
Document524 pages
Ggeo 5 Manual
Iancu-Bogdan Teodoru
No ratings yet
Assignment Atomic Structure JH Sir-2611
Document30 pages
Assignment Atomic Structure JH Sir-2611
Shivam Kumar
No ratings yet