April 04, 2005

NAT Traversal

You have probably heard that IPsec ESP doesn't work through a PAT connection: when PAT tries to modify the layer 4 header of an ESP packet, it runs into a problem. Why? Because that header is encrypted, so PAT can't change the source port. Don't worry: RFC 3948, written by four major companies (F-Secure Corporation, Microsoft, Cisco and Nortel) in January 2005, can help us. But which VPN vendor do you use? Not all vendors have implemented it yet.
How does it work?
In fact, this protocol defines methods for encapsulating and decapsulating ESP packets inside UDP so that they can traverse network address translators.
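The encapsulation and decapsulation described above, as an added Python example that is not part of the original post. Port 4500, the zero UDP checksum, the four-zero-byte non-ESP marker and the 0xFF keepalive come from RFC 3947/3948 rather than from the post; the function names and the sample packet are constructed for illustration.

```python
import struct

NAT_T_PORT = 4500  # assumption: the usual NAT-T port (IKE moves here per RFC 3947)
NON_ESP_MARKER = b"\x00" * 4  # prefixes IKE messages sharing the port
# Constructed sample: SPI 0x1234abcd, sequence 1, 16 bytes standing in for ciphertext.
SAMPLE_ESP = bytes.fromhex("1234abcd00000001") + b"\xde\xad\xbe\xef" * 4

def udp_encapsulate_esp(esp, src_port=NAT_T_PORT, dst_port=NAT_T_PORT):
    """Prefix an ESP packet (SPI | sequence | ciphertext) with a UDP header."""
    if len(esp) < 8:
        raise ValueError("ESP packet needs at least an SPI and a sequence number")
    if esp[:4] == NON_ESP_MARKER:
        raise ValueError("SPI 0 would be read as the non-ESP marker")
    # RFC 3948: the IPv4 UDP checksum SHOULD be sent as zero.
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(esp), 0) + esp

def pat_rewrite_source_port(datagram, new_port):
    """What PAT does on the way out: only the cleartext source port changes."""
    return struct.pack("!H", new_port) + datagram[2:]

def classify(datagram):
    """Receiver-side demultiplexing of one UDP datagram on the NAT-T port."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    _src, _dst, length, _csum = struct.unpack("!HHHH", datagram[:8])
    if length != len(datagram):
        raise ValueError("UDP length field does not match datagram size")
    payload = datagram[8:]
    if payload == b"\xff":
        return ("nat-keepalive", None)      # one 0xFF octet keeps the mapping alive
    if payload[:4] == NON_ESP_MARKER:
        return ("ike", payload[4:])         # strip marker, hand to the IKE daemon
    if len(payload) < 8:
        return ("invalid", None)            # too short to hold SPI + sequence
    return ("esp", payload)                 # untouched ESP, ready for decryption

if __name__ == "__main__":
    wire = pat_rewrite_source_port(udp_encapsulate_esp(SAMPLE_ESP), 61001)
    kind, esp = classify(wire)
    print(kind, esp == SAMPLE_ESP)
```

The PAT step touches only the outer UDP header, so the encrypted ESP bytes reach the receiver unchanged.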

This is very useful for any network that uses PAT and wants IPsec ESP to work from any of its hosts. The protocol really helps with this limitation of IPv4 (special thanks to the IETF (Internet Engineering Task Force) for fixing the problem of running ESP through PAT).

For details of this protocol, see the following URL:
UDP Encapsulation of IPsec ESP Packets RFC
http://www.faqs.org/rfcs/rfc3948.html

Posted by Mehrdad at April 4, 2005 05:39 PM