I'm looking at my ASA logs for VPN connections (%ASA-4-113019 messages). Some of the connections show a session type of "IKE" and others show "IPSecOverNatT". Why would this be? My users are using an IPSec client to connect.
The reason you are seeing IPSecOverNatT is that there is a NAT device in the path between the VPN client and the head-end VPN terminating device. Since IPSec Phase 2 is in an ESP packet (i.e., it is a protocol, so it is not TCP or UDP with a port number that can be NATed through a NAT device), the ESP packet is encapsulated in either TCP or UDP with a port (called NAT-T, NAT Traversal) so it can be NATed through a NAT device.
Hope that answers your question.
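As an added example (not part of the original posts, and not Cisco code): a short Python parser for %ASA-4-113019 lines that groups peers by session type and lists users who appear with more than one type, which is what you would expect when the same user connects sometimes from behind a NAT device and sometimes not. The log lines, group name, usernames and addresses are constructed, and the field layout is assumed to follow the usual 113019 disconnect message.

```python
import re
from collections import defaultdict

# Constructed sample lines in the %ASA-4-113019 layout (not real logs).
SAMPLE_LOGS = [
    "%ASA-4-113019: Group = RA-VPN, Username = alice, IP = 198.51.100.10, "
    "Session disconnected. Session Type: IKE, Duration: 1h:02m:11s, "
    "Bytes xmt: 104857, Bytes rcv: 20480, Reason: User Requested",
    "%ASA-4-113019: Group = RA-VPN, Username = bob, IP = 203.0.113.25, "
    "Session disconnected. Session Type: IPSecOverNatT, Duration: 0h:25m:40s, "
    "Bytes xmt: 5120, Bytes rcv: 4096, Reason: Idle Timeout",
    "%ASA-4-113019: Group = RA-VPN, Username = alice, IP = 203.0.113.77, "
    "Session disconnected. Session Type: IPSecOverNatT, Duration: 0h:05m:03s, "
    "Bytes xmt: 900, Bytes rcv: 1200, Reason: User Requested",
    "constructed unrelated line that is not a 113019 message",
]

# Assumed field order of the 113019 message; adjust if your ASA version differs.
PATTERN = re.compile(
    r"%ASA-4-113019: Group = (?P<group>[^,]+), Username = (?P<user>[^,]+), "
    r"IP = (?P<ip>[^,]+), Session disconnected\. "
    r"Session Type: (?P<type>[^,]+), Duration: (?P<duration>[^,]+), "
    r"Bytes xmt: (?P<xmt>\d+), Bytes rcv: (?P<rcv>\d+), Reason: (?P<reason>.+?)\s*$"
)

def parse_113019(line):
    """Return the fields of one 113019 message as a dict, or None if no match."""
    m = PATTERN.search(line)
    return m.groupdict() if m else None

def peers_by_session_type(lines):
    """Map session type -> sorted list of (username, peer IP) pairs."""
    out = defaultdict(set)
    for rec in filter(None, map(parse_113019, lines)):
        out[rec["type"]].add((rec["user"], rec["ip"]))
    return {stype: sorted(peers) for stype, peers in out.items()}

def users_with_mixed_types(lines):
    """Users seen with more than one session type (their network path varies)."""
    seen = defaultdict(set)
    for rec in filter(None, map(parse_113019, lines)):
        seen[rec["user"]].add(rec["type"])
    return sorted(user for user, types in seen.items() if len(types) > 1)

if __name__ == "__main__":
    print(peers_by_session_type(SAMPLE_LOGS))
    print(users_with_mixed_types(SAMPLE_LOGS))
```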