04-05-2010 03:04 PM - edited 02-21-2020 04:34 PM
I would appreciate an explanation of the difference between these two terms.
I am doing some remote work while I do some traveling. Normally, when I work from home my VPN connection uses the IPSecOverNatT Protocol when I view the current VPN connections through ASDM. I am currently on a University campus and my connection is now just the plain IPSec protocol. What causes this change and what is the change?
04-05-2010 03:22 PM
The difference is that when you have NAT-T enabled, it uses port 4500 for UDP encapsulation instead of the usual ISAKMP port, UDP 500, which conflicts with NAT. This is in some cases controlled by the VPN hub/server.
04-05-2010 03:54 PM
NAT-T is enabled. There are other clients that are connected who are using the NAT-T protocol, but mine is IPSec. So my connection being reverted to the plain IPSec is being caused by the university campus connection I'm using?
04-05-2010 05:02 PM
It will only use NAT-T (UDP/4500) if the path has PAT configured. Because plain IPsec (ESP) is a protocol, not TCP or UDP with a port number, it can't pass through a PAT device. Therefore, during the IPsec negotiation, if it detects there is PAT in the path, it will use NAT-T. Otherwise, it will just use the plain ESP packet.
Hope that answers your question.
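The detection step described in the accepted answer, as an added example that is not part of the original thread: a Python sketch of the RFC 3947 NAT-D hash comparison that decides between plain ESP and NAT-T. The cookies, addresses, function names and the choice of SHA-1 are assumptions made for illustration; a real peer uses the hash negotiated for the IKE SA.

```python
import hashlib
import socket
import struct

# Constructed sample values: IKE cookies and documentation-range addresses.
CKY_I = bytes.fromhex("1122334455667788")
CKY_R = bytes.fromhex("99aabbccddeeff00")
GATEWAY = ("203.0.113.1", 500)

def nat_d_hash(ip, port, algo="sha1"):
    """RFC 3947 NAT-D value: HASH(CKY-I | CKY-R | IP | Port).
    algo is an assumption; the hash negotiated for the IKE SA is used in practice."""
    data = CKY_I + CKY_R + socket.inet_aton(ip) + struct.pack("!H", port)
    return hashlib.new(algo, data).digest()

def build_nat_d(local, remote):
    """NAT-D payloads a peer sends: the remote end first, then its own end."""
    return {"remote": nat_d_hash(*remote), "local": nat_d_hash(*local)}

def nat_detected(received, seen_src, own_addr):
    """Receiver side: recompute both hashes from what the packet really shows."""
    peer_translated = received["local"] != nat_d_hash(*seen_src)
    self_translated = received["remote"] != nat_d_hash(*own_addr)
    return peer_translated or self_translated

def negotiate(client_addr, seen_src):
    """Return the encapsulation the gateway ends up with for this client."""
    payloads = build_nat_d(local=client_addr, remote=GATEWAY)
    if nat_detected(payloads, seen_src, GATEWAY):
        return "ESP-in-UDP/4500 (NAT-T)"
    return "ESP (IP protocol 50)"

# Constructed scenarios: (address the client believes it has, source the gateway sees).
HOME = (("192.168.1.10", 500), ("198.51.100.7", 1024))     # PAT rewrote IP and port
CAMPUS = (("198.51.100.20", 500), ("198.51.100.20", 500))  # no translation in the path

if __name__ == "__main__":
    print("home:  ", negotiate(*HOME))
    print("campus:", negotiate(*CAMPUS))
```

When auditing firewall rules for such a VPN, both cases need a path: UDP/500 plus IP protocol 50 for untranslated clients, and UDP/4500 for clients behind PAT.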