08-22-2007 03:32 AM - last edited on 02-21-2020 11:46 PM by cc_security_adm
Hi,
I was wondering if someone could explain the comparison or pros and cons of IPSEC over UDP, TCP, NAT-T.
I think I understand why I have to use NAT-T for devices that do NAT from private to public address ranges. I.e., I have a home network with a private IP and my office also, therefore I need NAT-T enabled to allow the clients to connect. However, should I also be using UDP or TCP?
Thanks
Ed
08-22-2007 05:17 AM
NAT-T is an IETF standard and uses UDP port 4500. IPSec over TCP enables a client to connect when IKE (UDP 500) is blocked in the firewall, as it encapsulates both ESP and IKE in the TCP packet.
Standard NAT-T is generally the best choice because it works with more vendors; IPSec over UDP or TCP can be useful when you need to tunnel through firewalls.
I hope this helps.
08-22-2007 06:07 AM
Hi,
So just to check, I must be using standard NAT-T, as I haven't configured the others. From a security point of view or speed, is there any difference?
I have a Cisco PIX which is terminating the clients, with a router in front?
Thanks
Ed
08-22-2007 06:34 AM
Yes, it is easier to use NAT-T as it is the default. It requires less (no) configuration.
If you need to tunnel the IPSec connection on a different port you can use IPSec over TCP, if the clients support it. Not all clients support IPSec over TCP.
There is no difference in security or speed as far as I am aware.
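To make the port numbers in the replies above concrete, here is an added example (not part of the original thread) that classifies UDP payloads on ports 500 and 4500 using the RFC 3948 framing rules: four zero bytes mark IKE on port 4500, a single 0xFF byte is a NAT keepalive, and anything else is ESP in UDP. The function names and sample packets are constructed for illustration.

```python
import struct

IKE_PORT = 500                        # plain IKE, as named in the reply above
NATT_PORT = 4500                      # NAT-T, as named in the reply above
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948: precedes IKE on port 4500
IKE_HEADER_LEN = 28
IKE_FMT = "!8s8sBBBBII"  # SPIs, next payload, version, exchange, flags, id, length


def build_ike(version_byte, exchange):
    """Build a constructed, header-only IKE message for the samples below."""
    return struct.pack(IKE_FMT, b"\x11" * 8, b"\x00" * 8, 1,
                       version_byte, exchange, 0, 0, IKE_HEADER_LEN)


def parse_ike_header(data):
    """Return (major_version, exchange_type, length), or None if too short."""
    if len(data) < IKE_HEADER_LEN:
        return None
    fields = struct.unpack(IKE_FMT, data[:IKE_HEADER_LEN])
    return fields[3] >> 4, fields[4], fields[7]


def classify(dst_port, payload):
    """Classify one UDP payload seen on the IKE or NAT-T port."""
    if dst_port == IKE_PORT:
        hdr = parse_ike_header(payload)
        return f"ike-v{hdr[0]}" if hdr else "malformed"
    if dst_port == NATT_PORT:
        if payload == b"\xff":
            return "nat-keepalive"
        if payload[:4] == NON_ESP_MARKER:
            hdr = parse_ike_header(payload[4:])
            return f"ike-v{hdr[0]}-natt" if hdr else "malformed"
        if len(payload) >= 8:  # ESP header starts with SPI and sequence number
            spi, seq = struct.unpack("!II", payload[:8])
            return f"esp-in-udp spi=0x{spi:08x} seq={seq}"
        return "malformed"
    return "not-ipsec"


if __name__ == "__main__":
    samples = [  # constructed packets, not captured traffic
        (500, build_ike(0x10, 2)),
        (4500, NON_ESP_MARKER + build_ike(0x10, 5)),
        (4500, b"\xff"),
        (4500, struct.pack("!II", 0xC0FFEE01, 7) + b"\x00" * 32),
    ]
    for port, data in samples:
        print(port, classify(port, data))
```
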