Project

General

Profile

NAT Traversal (NAT-T) » History » Version 2

Martin Willi, 02.07.2007 15:20

1 1 Martin Willi
2 2 Martin Willi
h1. NAT Traversal
3 1 Martin Willi
4 2 Martin Willi
5 2 Martin Willi
6 2 Martin Willi
h2. IKEv1
7 2 Martin Willi
8 2 Martin Willi
9 2 Martin Willi
10 2 Martin Willi
h2. IKEv2
11 2 Martin Willi
12 1 Martin Willi
The IKEv2 protocol includes NAT traversal in the core standard, but it's optional to implement. strongSwan implements it, and there is no configuration involved. The NAT_DETECTION_SOURCE/DESTINATION_IP notifications included in IKE_SA_INIT indicates the peers NATT capability and if a NAT situation is detected, UDP encapsulation is activated for IPsec.
13 1 Martin Willi
strongSwan starts sending keep alive packet if it is behind a NAT router to keep the mappings on the NAT device in tact.