NAT Traversal

IKEv1

IKEv2

The IKEv2 protocol includes NAT traversal in the core standard, but it is optional to implement. strongSwan implements it, and there is no configuration involved. The NAT_DETECTION_SOURCE_IP and NAT_DETECTION_DESTINATION_IP notifications included in IKE_SA_INIT indicate the peer's NAT-T capability, and if a NAT situation is detected, UDP encapsulation is activated for IPsec. strongSwan starts sending keepalive packets if it is behind a NAT router to keep the mappings on the NAT device intact.
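
The detection step described above, as an added example (not strongSwan's code): per RFC 7296, section 2.23, each notification carries a SHA-1 hash over the IKE SPIs, an IP address and a port, and the receiver compares it with the addresses it actually sees in the IP header. The function names, SPIs, addresses and ports are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

# Constructed sample values; SPIr is zero in the IKE_SA_INIT request.
SPI_I = bytes.fromhex("1122334455667788")
SPI_R = bytes(8)
INITIATOR = ("192.168.1.10", 500)    # private address behind the NAT
RESPONDER = ("198.51.100.20", 500)   # public address of the gateway


def nat_detection_hash(spi_i, spi_r, ip, port):
    """SHA-1 over SPIi | SPIr | IP address | port (RFC 7296, section 2.23)."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 octets each")
    addr = ipaddress.ip_address(ip).packed  # 4 octets (IPv4) or 16 (IPv6)
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()


def detect_nat(spi_i, spi_r, src_hashes, dst_hash, seen_src, seen_dst):
    """Receiver-side check of the two notifications.

    src_hashes: NAT_DETECTION_SOURCE_IP payloads (a sender may include several)
    dst_hash:   the NAT_DETECTION_DESTINATION_IP payload
    seen_src / seen_dst: (ip, port) taken from the received packet's headers
    Returns (peer_behind_nat, local_behind_nat).
    """
    peer_behind_nat = nat_detection_hash(spi_i, spi_r, *seen_src) not in src_hashes
    local_behind_nat = nat_detection_hash(spi_i, spi_r, *seen_dst) != dst_hash
    return peer_behind_nat, local_behind_nat


def simulate(seen_src=INITIATOR, seen_dst=RESPONDER):
    """Initiator hashes its own view; responder checks against what arrived."""
    src_hashes = [nat_detection_hash(SPI_I, SPI_R, *INITIATOR)]
    dst_hash = nat_detection_hash(SPI_I, SPI_R, *RESPONDER)
    return detect_nat(SPI_I, SPI_R, src_hashes, dst_hash, seen_src, seen_dst)


if __name__ == "__main__":
    # No NAT on the path: both hashes match, plain ESP can be used.
    print("direct path:       ", simulate())
    # Source rewritten by a NAT: the peer is behind NAT, so UDP encapsulation
    # is activated for IPsec.
    print("initiator NATed:   ", simulate(seen_src=("203.0.113.5", 1024)))
    # Destination rewritten (port forward to a private gateway address): the
    # receiver itself is behind NAT and is the side that sends keepalives.
    print("responder NATed:   ", simulate(seen_dst=("10.0.0.2", 500)))
```
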