Showing results for 
Search instead for 
Did you mean: 

IPSec VPN with NAT-T


Dear Team,

I am using Avaya VPN client & when I am getting connected succesfully to IPSec VPN Server, it is showing in status that IP NAT-Transversal is active on port 10001. In this case my IP is behind the NAPT router. When I am checking the logs, it shows that the request from my IP has gone through port 10001 (UDP) & hist server IP on port 10001 (UDP).

But in some cases when the request from my IP is going through any other port than 10001 & hit server on port 500, I am not getthing authenticated for VPN. So, I am understanding that for my VPN connection, the requested has to be go on port 10001 of VPN Server and port 10001 of client.

Please suggest how I can force every IPSec request to my VPN server to hit on port 10001 (UDP) so that i will not face any issue.

Please share the configuration example.


1 Reply 1


Hi Balbeer,

UDP port 10001 is an NAT-T port which is used by Nat traversal function. This is happening because the other side administrator has over rided the NAT-T port to 10001.

The IPsec works on 500 and 4500. If the hits are made to port 10001 forcefully then the traversal function will not get detected and again VPN will not work.

Hope this is clear B Boy.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers