How to: Diagnose and fix a NAT-Traversal mismatch

Diagnose and fix a NAT-Traversal mismatch
by Bob Smetana
NAT-Traversal encapsulates ESP packets inside UDP 4500, while Native IPSec routes ESP traffic using protocol 50. Both sides of an IPSec connection need to agree on which to use.

Because the initial negotiations always occur on UDP port 500, it is possible to have a connection that connects and appears stable, but does not pass traffic because of a NAT-traversal mismatch. Here is an example of such a situation.


View the full video on YouTube

See the specific instructions for your cloud setup and instance launch on our Product Resources page

By: Margaret Valtierra