IPSEC over comparasion

Unanswered Question
Aug 22nd, 2007
User Badges:

Hi,


I was wondering if someone could explain the comparasion or pros and cons to IPSEC over UDP, TCP, NAT-T.


I think I understand why I have to use NAT-T for devices that do NAT from private to public address ranges. IE I have a home network with a private IP and my office also, therefore I need NAT-T enabled to allow the clients to connect. However should I also be using UDP or TCP ?


Thanks


Ed

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mattiaseriksson Wed, 08/22/2007 - 05:17
User Badges:
  • Bronze, 100 points or more

NAT-T is an IETF standard and uses UDP port 4500. IPSec over TCP enables a client to connect when IKE (UDP 500) is blocked in the firewall, as it encapsulates both ESP and IKE in the tcp packet.


Standard NAT-T is generally the best choice because it works with more vendors, IPSec over UDP or TCP can be useful when you need to tunnel through firewalls.


I hope this helps.

edw Wed, 08/22/2007 - 06:07
User Badges:

Hi,


So Just to check I must be using standard NAT-T as I haven't configure the other up. From a security point of view or speed ? Is there any difference?


I have Cisco PIX which is terminating the clients ? with router infront ?


Thanks


Ed

mattiaseriksson Wed, 08/22/2007 - 06:34
User Badges:
  • Bronze, 100 points or more

Yes, it is easier to use NAT-T as it is the default. It require less (none) configuration.


If you need to tunnel the ipsec connection on a different port you can use IPSec over TCP, if the clients support it. Not all clients support IPSec over TCP.


There is no difference in security or speed as far as I am aware.

Actions

This Discussion