Relationship between IPSec and NAT on the USG2160

During IPSec VPN deployment, the initiator on a private network may need to establish an IPSec tunnel with the responder on a public network. To ensure that an IPSec tunnel can be established when a network address translation (NAT) device exists, NAT traversal is required. In a non-NAT traversal scenario, the gateway uses port 500 to negotiate the IPSec tunnel. In a NAT traversal scenario, the gateway uses port 4500 to negotiate the IPSec tunnel.
NAT traversal enables the NAT gateway between the two ends to be discovered during IKE negotiation so that ESP packets can properly traverse the NAT gateway.
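The discovery step described above, as an added example that is not taken from this page or from the USG2160 software: it assumes IKEv2, where RFC 7296 has each peer send SHA-1 hashes of the SPIs, IP address and port it believes it is using, and the receiver compares them with what it actually sees on the wire. The function names, addresses and SPI value are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

IKE_PORT = 500      # negotiation port without NAT traversal (from the page)
NAT_T_PORT = 4500   # negotiation port with NAT traversal (from the page)


def nat_detection_hash(spi_i, spi_r, ip, port):
    """RFC 7296 NAT_DETECTION_*_IP data: SHA-1(SPIi | SPIr | IP | port)."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 bytes each")
    addr = ipaddress.ip_address(ip).packed
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()


def build_payloads(spi_i, spi_r, local, remote):
    """Sender: hash its own view of the source and destination (ip, port)."""
    return {"src": nat_detection_hash(spi_i, spi_r, *local),
            "dst": nat_detection_hash(spi_i, spi_r, *remote)}


def check_payloads(spi_i, spi_r, payloads, seen_src, seen_dst):
    """Receiver: recompute both hashes from the IP/UDP header it actually saw.
    A mismatch means an address or port was rewritten in transit."""
    peer_nat = payloads["src"] != nat_detection_hash(spi_i, spi_r, *seen_src)
    local_nat = payloads["dst"] != nat_detection_hash(spi_i, spi_r, *seen_dst)
    # With NAT present, IKE moves to 4500 and ESP is carried in UDP on that port.
    port = NAT_T_PORT if (peer_nat or local_nat) else IKE_PORT
    return {"peer_behind_nat": peer_nat, "local_behind_nat": local_nat,
            "next_port": port}


def demo():
    # Constructed values: documentation addresses, made-up SPI.
    spi_i, spi_r = bytes.fromhex("0102030405060708"), bytes(8)  # SPIr is 0 in the first message
    initiator = ("10.1.1.2", IKE_PORT)        # private-side initiator
    responder = ("198.51.100.1", IKE_PORT)    # public-side responder
    nat_public = ("203.0.113.10", 1024)       # source after translation
    sent = build_payloads(spi_i, spi_r, initiator, responder)
    via_nat = check_payloads(spi_i, spi_r, sent, nat_public, responder)
    direct = check_payloads(spi_i, spi_r, sent, initiator, responder)
    return via_nat, direct


if __name__ == "__main__":
    for label, result in zip(("via NAT", "direct"), demo()):
        print(label, result)
```

When troubleshooting a tunnel that fails behind NAT, the same comparison explains why a firewall that permits only port 500 lets the first exchange through and then drops the rest of the negotiation.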
