
Difference between NAT-Transparency (ietf) and NAT over TCP/UDP (cisco)

obrenes
Level 1

Can anyone tell me the difference between NAT-Transparency (ietf draft) and NAT over TCP/UDP from Cisco (IPSec/NAT)?

Are there any benefits to using IPSec/NAT instead of NAT Transparency?

I heard that NAT over TCP/UDP is a Cisco proprietary implementation. Is that true?

3 Replies

akbansal1
Level 1

IPSec is a combination of several IETF-defined security technologies, providing a complete system for confidentiality, integrity, and authenticity. IPSec can be used with other IP protocols and is most often used when the remote device needs to have full access to the corporate intranet.

ehirsel
Level 6

NAT-Transparency - the IETF standard uses UDP only and the destination udp 4500 is used to connect to the remote gateway. UDP dest port 500 may be used as well to set up the initial exchange and it may have bits/fields in the newer headers to let the other end know about NAT-Transparency - but I am not certain of this.

NAT over TCP/UDP from Cisco can use configurable tcp and udp ports. The tcp default port is 10000 and the UDP port may be the same. The IETF standard only uses UDP dest port 4500.

Both accomplish the same thing - to allow IPSec sessions to traverse nat and pat devices. Native IPSec had issues with nat/pat, particularly with IKE.

If you have a cisco client connecting to a cisco gateway and both ends have more recent code, then there is no difference. However, if you will connect to a non-cisco device, then use the IETF standard as you will have more of a guarantee of connecting.

Let me know if this helps.
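Added example, not part of the thread or any poster's code: on the IETF NAT-T port (UDP 4500), RFC 3948 has the receiver tell IKE, UDP-encapsulated ESP and NAT keepalives apart by the first bytes of the payload, which the classifier below applies to constructed sample payloads. The function and variable names are hypothetical, and Cisco's configurable TCP/UDP encapsulation is deliberately left in the "other" bucket.

```python
import struct

IKE_PORT = 500                  # initial IKE exchange
NAT_T_PORT = 4500               # IETF NAT-T port named in the reply above
NON_ESP_MARKER = b"\x00" * 4    # RFC 3948: four zero bytes precede IKE on 4500
IKE_HDR = struct.Struct("!8s8sBBBBII")  # 28-byte ISAKMP/IKE header


def parse_ike(data):
    """Return selected IKE header fields, or None if the header is unusable."""
    if len(data) < IKE_HDR.size:
        return None
    i_spi, _r, _np, version, exch, _fl, msg_id, length = IKE_HDR.unpack_from(data)
    if length < IKE_HDR.size:   # length field covers header plus payloads
        return None
    return {"initiator_spi": i_spi.hex(), "exchange_type": exch,
            "version": f"{version >> 4}.{version & 0xF}", "message_id": msg_id}


def classify(gateway_port, payload):
    """Classify one UDP payload by the gateway-side port it travels on."""
    if gateway_port == IKE_PORT:
        ike = parse_ike(payload)
        return ("ike", ike) if ike else ("malformed", None)
    if gateway_port != NAT_T_PORT:
        return ("other", None)
    if payload == b"\xff":      # single 0xFF octet keeps the NAT mapping alive
        return ("nat-keepalive", None)
    if payload[:4] == NON_ESP_MARKER:
        ike = parse_ike(payload[4:])
        return ("ike-over-nat-t", ike) if ike else ("malformed", None)
    if len(payload) < 8:        # ESP needs at least SPI + sequence number
        return ("malformed", None)
    spi, seq = struct.unpack_from("!II", payload)
    return ("udp-encapsulated-esp", {"spi": f"{spi:08x}", "seq": seq})

# Constructed sample payloads (not captured traffic).
IKE_SAMPLE = IKE_HDR.pack(bytes(range(1, 9)), bytes(8), 1, 0x10, 2, 0, 0, 28)
SAMPLES = [
    (500, IKE_SAMPLE),
    (4500, NON_ESP_MARKER + IKE_SAMPLE),
    (4500, struct.pack("!II", 0xC0FFEE01, 7) + b"\x00" * 16),
    (4500, b"\xff"),
    (4500, b"\x00\x00\x00"),
]

if __name__ == "__main__":
    for port, data in SAMPLES:
        print(port, *classify(port, data))
```

Because a NAT device may rewrite the client's source port, match on the gateway-side port rather than expecting 4500 on both ends.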

Excellent!!!

Thanks.