
IPSEC over comparison

edw
Level 1

Hi,

I was wondering if someone could explain the comparison or pros and cons of IPSEC over UDP, TCP, NAT-T.

I think I understand why I have to use NAT-T for devices that do NAT from private to public address ranges, i.e. I have a home network with a private IP and my office also, therefore I need NAT-T enabled to allow the clients to connect. However, should I also be using UDP or TCP?

Thanks

Ed

3 Replies

mattiaseriksson
Level 3

NAT-T is an IETF standard and uses UDP port 4500. IPSec over TCP enables a client to connect when IKE (UDP 500) is blocked in the firewall, as it encapsulates both ESP and IKE in the TCP packet.

Standard NAT-T is generally the best choice because it works with more vendors; IPSec over UDP or TCP can be useful when you need to tunnel through firewalls.

I hope this helps.

Hi,

So just to check, I must be using standard NAT-T as I haven't configured the others. From a security point of view or speed, is there any difference?

I have a Cisco PIX which is terminating the clients, with a router in front?

Thanks

Ed

Yes, it is easier to use NAT-T as it is the default. It requires less (no) configuration.

If you need to tunnel the IPSec connection on a different port you can use IPSec over TCP, if the clients support it. Not all clients support IPSec over TCP.

There is no difference in security or speed as far as I am aware.
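
To confirm which encapsulation a client is actually using, the UDP datagrams reaching the gateway can be classified by destination port and leading bytes. This is an added example, not part of the thread and not Cisco code; the non-ESP marker and keepalive byte come from RFC 3948 rather than the posts, and the function names and sample datagrams are constructed for illustration.

```python
import struct

IKE_PORT = 500                        # plain IKE (UDP 500, as in the thread)
NATT_PORT = 4500                      # NAT-T (UDP 4500, as in the thread)
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948: precedes IKE on UDP 4500
NAT_KEEPALIVE = b"\xff"               # RFC 3948: one-byte NAT keepalive


def classify_udp(dst_port, payload):
    """Return (kind, spi) for one UDP datagram sent to the VPN gateway."""
    if dst_port == IKE_PORT:
        return ("ike", None)
    if dst_port != NATT_PORT:
        return ("not-ipsec", None)
    if payload == NAT_KEEPALIVE:
        return ("nat-keepalive", None)
    if len(payload) < 8:
        return ("malformed", None)
    if payload[:4] == NON_ESP_MARKER:
        return ("ike-over-natt", None)
    # Anything else on 4500 is ESP-in-UDP; the first 4 bytes are the ESP SPI.
    spi, _seq = struct.unpack("!II", payload[:8])
    return ("esp-in-udp", spi)


def encapsulation_in_use(datagrams):
    """Summarise a capture: 'nat-t', 'plain-ike-only' or 'no-ipsec-udp'."""
    kinds = {classify_udp(port, data)[0] for port, data in datagrams}
    if kinds & {"ike-over-natt", "esp-in-udp", "nat-keepalive"}:
        return "nat-t"
    if "ike" in kinds:
        return "plain-ike-only"
    return "no-ipsec-udp"


# Constructed sample capture (not real traffic): (destination port, UDP payload).
FAKE_IKE = bytes(28)  # placeholder bytes standing in for an IKE header
SAMPLE = [
    (500, FAKE_IKE),                                        # initial IKE exchange
    (4500, NON_ESP_MARKER + FAKE_IKE),                      # IKE after moving to 4500
    (4500, struct.pack("!II", 0x1A2B3C4D, 1) + bytes(16)),  # ESP-in-UDP
    (4500, NAT_KEEPALIVE),                                  # NAT keepalive
]

if __name__ == "__main__":
    for port, data in SAMPLE:
        print(port, classify_udp(port, data))
    print(encapsulation_in_use(SAMPLE))
```

A capture showing only UDP 500 and no 4500 traffic means NAT-T was not negotiated for that session.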
