IPSEC over comparison

Unanswered Question
Aug 22nd, 2007

Hi,

I was wondering if someone could explain the comparison or pros and cons of IPSEC over UDP, TCP, NAT-T.

I think I understand why I have to use NAT-T for devices that do NAT from private to public address ranges. I.e., I have a home network with a private IP and my office also, therefore I need NAT-T enabled to allow the clients to connect. However, should I also be using UDP or TCP?

Thanks

Ed

mattiaseriksson Wed, 08/22/2007 - 05:17

NAT-T is an IETF standard and uses UDP port 4500. IPSec over TCP enables a client to connect when IKE (UDP 500) is blocked in the firewall, as it encapsulates both ESP and IKE in the TCP packet.

Standard NAT-T is generally the best choice because it works with more vendors; IPSec over UDP or TCP can be useful when you need to tunnel through firewalls.

I hope this helps.
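
An added example, not part of the original posts: a small classifier for the UDP 500 / UDP 4500 traffic described above, using the RFC 3948 framing for NAT-T (non-ESP marker, ESP-in-UDP, NAT keepalive). The function names and sample payloads are constructed for illustration.

```python
import struct

IKE_PORT, NATT_PORT = 500, 4500
NON_ESP_MARKER = b"\x00" * 4  # RFC 3948: four zero bytes precede IKE on UDP 4500
# Fixed 28-byte IKE header: SPIs, next payload, version, exchange, flags, msg id, length
IKE_HDR = struct.Struct("!8s8sBBBBII")

def _ike(data: bytes, label: str):
    """Check for a complete IKE header and report its major version."""
    if len(data) < IKE_HDR.size:
        return ("malformed", None)
    version = IKE_HDR.unpack_from(data)[3]
    return (label, f"IKEv{version >> 4}")

def classify(port: int, payload: bytes):
    """Return (kind, detail) for a UDP payload seen on port 500 or 4500."""
    if port == IKE_PORT:
        return _ike(payload, "ike")
    if port != NATT_PORT:
        return ("not-ipsec", None)
    if payload == b"\xff":                 # one-byte NAT keepalive
        return ("nat-keepalive", None)
    if payload[:4] == NON_ESP_MARKER:      # IKE sharing the NAT-T port
        return _ike(payload[4:], "ike-natt")
    if len(payload) < 8:                   # too short for an ESP header
        return ("malformed", None)
    spi, seq = struct.unpack_from("!II", payload)  # ESP SPI is never zero here
    return ("esp-in-udp", f"spi=0x{spi:08x} seq={seq}")

# Constructed sample payloads (not captured traffic)
SAMPLE_IKE = IKE_HDR.pack(b"\x11" * 8, b"\x00" * 8, 1, 0x10, 2, 0, 0, 28)
SAMPLE_ESP = struct.pack("!II", 0xC0FFEE01, 7) + b"\x00" * 16

if __name__ == "__main__":
    samples = [(500, SAMPLE_IKE), (4500, NON_ESP_MARKER + SAMPLE_IKE),
               (4500, SAMPLE_ESP), (4500, b"\xff")]
    for port, data in samples:
        print(port, classify(port, data))
```

The ESP-in-UDP case is why a NAT device can track the tunnel: the ESP packet rides inside an ordinary UDP flow with ports to translate.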

edw Wed, 08/22/2007 - 06:07

Hi,

So just to check, I must be using standard NAT-T as I haven't configured the others. From a security point of view or speed, is there any difference?

I have a Cisco PIX which is terminating the clients, with a router in front.

Thanks

Ed

mattiaseriksson Wed, 08/22/2007 - 06:34

Yes, it is easier to use NAT-T as it is the default. It requires less (no) configuration.

If you need to tunnel the IPSec connection on a different port, you can use IPSec over TCP, if the clients support it. Not all clients support IPSec over TCP.

There is no difference in security or speed as far as I am aware.
