NAT-T with IKEv2 IPSEC

Options
jmax
jmax Posts: 1
Second Anniversary
in Security

I have a USG60W and trying to configure an IPSEC tunnel that requires NAT Traversal. I do not see this option on the screen to configure IPSEC. This option is available when using IKEv1. Is NAT-T possible to configure when using IKEv2 on a USG60W?

All Replies

  • PeterUK
    PeterUK Posts: 3,887  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    edited March 2024

    I think its just part of IKEv2 to do NAT Traversal in order for it to works if both ends source port must be fixed by a CGNAT if both ends are behind CGNAT and can't allow incoming.

    So it be like this

    USG60W <> ISP CGNAT <--> ISP CGNAT <> other USG

    The here it the way NAT Traversal works both 500 and 4500 both ends nailed up

    USG60W 10.0.0.2:4500 > 3.3.3.1:4500 > CGNAT 2.2.2.1:4500 > 3.3.3.1:4500 CGNAT 3.3.3.1 > 10.10.10.3:4500 other USG

    which the othe USG does the same

    other USG 10.10.10.3:4500 > 2.2.2.1:4500 > CGNAT 3.3.3.1:4500 > 2.2.2.1:4500 CGNAT 2.2.2.1 > 10.0.0.2:4500 USG60W

    Then it Traversal

    But if one end allows incoming you just need the other to be nailed up

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)