Guys I am a little bit confused ESP is IP protocol 50 but it us encapsulated in port udp 4500 when there is a nat between the peers rigth?
If there is a GM behind a nat device it uses udp 500 to start isakmp and then udp 4500 To encapsulate the trafic right? How is the comuniation between a device that is behind a nat and another that is not behind a nat? 4500--->500 4500--->4500 Or what?? El 25/12/2011, a las 07:40 p.m., Fawad Khan <[email protected]> escribió: > ESP is a layer protocol itself with number 50 > > > > Nat-t is layer 4 UDp port number 4500 > > > On Sunday, December 25, 2011, Piotr Matusiak <[email protected]> wrote: > > NAT-T uses UDP/4500 always. > > > > 2011/12/25 HA Ali <[email protected]> > >> > >> I have seen in cisco offical docs that GDOI works on 848 UDP and if NAT-T > >> is enabled it works on 4500 UDP . But in simple vpn setup ( not getvpn ) > >> we use 4500 for ESP . > >> > >> > >> If GETVPN uses ESP and GDOI how will it work in a NAT-T case ? will both > >> of them use UDP 4500 > >> > >> ________________________________ > >> From: [email protected] > >> Date: Sun, 25 Dec 2011 16:42:43 +0100 > >> To: [email protected] > >> CC: [email protected] > >> Subject: Re: [OSL | CCIE_Security] GETVPN and NAT > >> > >> NAT-T is supported between GM and KS. NAT is not supported between GMs. > >> The only option is to NAT before encryption. > >> > >> Regards, > >> Piotr > >> > >> > >> 2011/12/25 waleed ' <[email protected]> > >> > >> Dear all , in getvpn there is not nat-t becuase there is no isakmp between > >> the peers , so how get vpn work if there is nat between tow peers ? > >> _______________________________________________ > >> For more information regarding industry leading CCIE Lab training, please > >> visit www.ipexpert.com > >> > >> Are you a CCNP or CCIE and looking for a job? Check out > >> www.PlatinumPlacement.com > >> > >> > >> _______________________________________________ For more information > >> regarding industry leading CCIE Lab training, please visit > >> www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out > >> www.PlatinumPlacement.com > > > > -- > FNK > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
