IPsec NAT Traversal

IPsec was designed to provide end-to-end security for two computers located in the same address domain. If the two computers are located in different address domains, such as the private IP addresses used on a home network and the public IP addresses used on the Internet, then the addresses must be translated for communication to occur. The translation of addresses and TCP or UDP ports that a network address translator performs to connect those users to the Internet invalidates the security services of IPsec. Specifically, address and port translation causes the following problems for ESP-based IPsec traffic:

  • For ESP-protected packets, the TCP and UDP ports are encrypted and, therefore, cannot be translated.

  • ISAKMP messages calculate hashes and signatures ...

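As an added illustration of the first bullet (example code, not from the book), the following Python models a port-translating NAT handling the same TCP segment three ways: in the clear, inside ESP (IP protocol 50), and inside the UDP encapsulation that NAT traversal uses (UDP port 4500, RFC 3948). The packet builders, the toy XOR "cipher" standing in for ESP's real encryption, and the addresses and ports are all constructed for this example.

```python
import struct
from ipaddress import IPv4Address

ESP, UDP, TCP = 50, 17, 6
NAT_T_PORT = 4500  # UDP port used for ESP-in-UDP encapsulation (NAT-T, RFC 3948)

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left zero) in front of payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr + payload

def tcp_segment(sport, dport):
    """20-byte TCP header with SYN set; no options, no data."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)

def esp_encrypt(spi, seq, plaintext, key):
    """ESP header (SPI, sequence number) followed by the encrypted transport segment."""
    # Toy XOR stands in for a real cipher: the only property that matters here is that
    # the TCP/UDP port fields become opaque bytes to anyone without the key.
    ct = bytes(b ^ key[i % len(key)] for i, b in enumerate(plaintext))
    return struct.pack("!II", spi, seq) + ct

def udp_encapsulate(esp_packet):
    """NAT-T framing: a cleartext UDP header (src/dst 4500) in front of the ESP packet."""
    return struct.pack("!HHHH", NAT_T_PORT, NAT_T_PORT, 8 + len(esp_packet), 0) + esp_packet

def nat_translate(packet, public_ip, new_port):
    """Model a port-translating NAT on an outbound packet: (new_packet, ports_rewritten)."""
    hdr = packet[:12] + IPv4Address(public_ip).packed + packet[16:20]  # address is always rewritable
    if packet[9] in (TCP, UDP):
        # Source port is the first two bytes of both TCP and UDP headers, visible in the clear.
        return hdr + struct.pack("!H", new_port) + packet[22:], True
    # Protocol 50 (ESP): the transport header sits inside the encrypted payload, so there is
    # no port field the NAT can locate or rewrite; only the address changes.
    return hdr + packet[20:], False

def demo(public_ip="198.51.100.1", nat_port=60001):
    """Send the same TCP SYN through the NAT three ways; report whether the port was translated."""
    key = b"\x5a\x13\x99\xc4"                  # constructed sample key
    src, dst = "192.168.1.10", "203.0.113.7"   # private host behind the NAT -> remote peer
    inner = tcp_segment(49152, 443)
    sealed = esp_encrypt(0x1234, 1, inner, key)
    packets = {"plain_tcp": ipv4(src, dst, TCP, inner),
               "esp": ipv4(src, dst, ESP, sealed),
               "esp_in_udp": ipv4(src, dst, UDP, udp_encapsulate(sealed))}
    return {name: nat_translate(p, public_ip, nat_port)[1] for name, p in packets.items()}
```

Running `demo()` shows that only the bare ESP packet leaves the NAT with its ports untranslated, while the UDP-encapsulated ESP packet exposes an outer port the NAT can rewrite without touching the protected payload.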