Relationship between IPSec and NAT on the USG2160


During IPSec VPN deployment, the initiator on a private network may need to establish an IPSec tunnel with the responder on a public network. To ensure that an IPSec tunnel can be established when a network address translation (NAT) device exists, NAT traversal is required. In a non-NAT traversal scenario, the gateway uses port 500 to negotiate the IPSec tunnel. In a NAT traversal scenario, the gateway uses port 4500 to negotiate the IPSec tunnel.
NAT traversal enables the NAT gateway between the two ends to be discovered during IKE negotiation so that ESP packets can properly traverse the NAT gateway.
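The discovery step described above can be sketched as follows. This is an added example, not code from the USG2160 or from this page: it follows the NAT-D hash defined in RFC 3947, assumes SHA-1 as the negotiated hash, and uses hypothetical function names with constructed cookies and documentation-range addresses.

```python
import hashlib
import ipaddress
import struct

def nat_d_hash(cky_i, cky_r, ip, port, hash_fn=hashlib.sha1):
    """NAT-D payload body (RFC 3947): HASH(CKY-I | CKY-R | IP | Port)."""
    if len(cky_i) != 8 or len(cky_r) != 8:
        raise ValueError("ISAKMP cookies are 8 bytes each")
    packed_ip = ipaddress.ip_address(ip).packed  # 4 bytes for IPv4, 16 for IPv6
    return hash_fn(cky_i + cky_r + packed_ip + struct.pack("!H", port)).digest()

def build_nat_d(cky_i, cky_r, dst, src):
    """Sender side: first payload covers the destination, second the source."""
    return [nat_d_hash(cky_i, cky_r, *dst), nat_d_hash(cky_i, cky_r, *src)]

def detect_nat(cky_i, cky_r, nat_d_payloads, seen_src, seen_dst):
    """Receiver side: compare received hashes with the addresses on the packet."""
    dst_hash, src_hashes = nat_d_payloads[0], nat_d_payloads[1:]
    # Mismatch on the destination hash: our own address was translated.
    local_nat = nat_d_hash(cky_i, cky_r, *seen_dst) != dst_hash
    # Observed source matches none of the sender's hashes: the peer is behind NAT.
    remote_nat = nat_d_hash(cky_i, cky_r, *seen_src) not in src_hashes
    return {
        "remote_behind_nat": remote_nat,
        "local_behind_nat": local_nat,
        "ike_port": 4500 if (remote_nat or local_nat) else 500,
    }

# Constructed sample values (made-up cookies, documentation address ranges).
CKY_I = bytes.fromhex("1122334455667788")
CKY_R = bytes.fromhex("99aabbccddeeff00")
INITIATOR_PRIVATE = ("192.168.1.10", 500)  # source as the initiator sees it
NAT_PUBLIC = ("203.0.113.7", 1024)         # source as the responder sees it after NAT
RESPONDER = ("198.51.100.20", 500)

def demo():
    sent = build_nat_d(CKY_I, CKY_R, dst=RESPONDER, src=INITIATOR_PRIVATE)
    with_nat = detect_nat(CKY_I, CKY_R, sent, seen_src=NAT_PUBLIC, seen_dst=RESPONDER)
    no_nat = detect_nat(CKY_I, CKY_R, sent, seen_src=INITIATOR_PRIVATE, seen_dst=RESPONDER)
    return with_nat, no_nat

if __name__ == "__main__":
    for result in demo():
        print(result)
```

When either flag is true, the peers continue the negotiation on port 4500; otherwise they stay on port 500.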

Other related questions:
Mechanism of IPSec phase 2 on the USG2160
IKEv1 phase 2 negotiation sets up the IPSec SAs that are used for data transmission. Phase 2 negotiation is completed in quick mode. In quick mode, SKEYID_a generated in IKEv1 phase 1 negotiation is used for integrity checking and identity authentication of ISAKMP messages, and SKEYID_e is used to encrypt ISAKMP messages, which secures the exchange. In quick mode, the two peers negotiate the IPSec SA parameters and generate the key for data transmission.

Relationship between the Elk database and HD
Elk is an SQL on Hadoop solution. It is a component of HD and provides excellent SQL query performance and compatibility on HD.
