How do I configure support for UDP 4500 (NAT-T Draft 2)?
| Knowledge Base ID: | KB8120 |
| Version: | 5.0 |
| Published: | 07 Oct 2008 |
| Updated: | 07 Oct 2008 |
| Categories: | Firewall/IPSec_VPN NAT/PAT ScreenOS |
Problem:
Environment:
- UDP 4500
- NAT-T Draft 2
Solution:
Question: A customer wants to use NAT-T draft 2 on UDP port 4500. How do I configure the Firewall to support this?
Answer: NAT-T draft 2 is supported in ScreenOS 5.1 and later.
To enable support for NAT Traversal, go to KB4022 - How Do I Enable NAT Traversal (NAT-T)?
The difference between the ScreenOS 5.0 implementation and ScreenOS 5.1 and later is that NAT-T draft 2 can use UDP port 4500 for IKE negotiation when NAT is detected. For more information about NAT-T draft 2, see KB8119 - What is NAT-T draft 2 and how does the Firewall detect it?
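To confirm from a packet capture that IKE has moved to UDP 4500 as described above, the following added example (not from this KB article or from Juniper) labels UDP payloads exchanged between the two peers. It assumes NAT-T draft 2 uses the framing later published in RFC 3948 (a 4-byte zero non-ESP marker before IKE on port 4500, a single 0xFF byte as NAT keepalive); the function names, the sample packets and ports 40000/40001 are constructed for illustration.

```python
# Added example: framing follows RFC 3948, assumed here to match NAT-T draft 2.
import struct

IKE_PORT, NATT_PORT = 500, 4500
NON_ESP_MARKER = b"\x00" * 4     # prefixes IKE messages on UDP 4500
ISAKMP_HDR_LEN = 28              # cookies(16) + 4 one-byte fields + msg id(4) + length(4)

def looks_like_isakmp(data: bytes) -> bool:
    """Plausibility check: non-zero initiator cookie and a sane length field."""
    if len(data) < ISAKMP_HDR_LEN or data[:8] == b"\x00" * 8:
        return False
    (length,) = struct.unpack("!I", data[24:28])
    return ISAKMP_HDR_LEN <= length <= len(data)

def classify(src_port: int, dst_port: int, payload: bytes) -> str:
    """Label one UDP datagram seen on the path between the two VPN peers."""
    ports = (src_port, dst_port)
    if NATT_PORT in ports:
        if payload == b"\xff":
            return "nat-keepalive"
        if payload[:4] == NON_ESP_MARKER:
            return "ike-4500" if looks_like_isakmp(payload[4:]) else "malformed"
        # Anything else on 4500 is ESP: 4-byte non-zero SPI + 4-byte sequence number.
        return "esp-in-udp" if len(payload) >= 8 else "malformed"
    if IKE_PORT in ports:
        return "ike-500" if looks_like_isakmp(payload) else "malformed"
    return "other"

def floated_to_4500(packets) -> bool:
    """True if IKE began on UDP 500 and later continued on UDP 4500."""
    labels = [classify(*p) for p in packets]
    return ("ike-500" in labels and "ike-4500" in labels
            and labels.index("ike-500") < labels.index("ike-4500"))

def _isakmp() -> bytes:
    """Constructed 28-byte ISAKMP header (version 1.0, Main Mode, no payloads)."""
    return (b"\x11" * 8 + b"\x22" * 8 + bytes([0, 0x10, 2, 0])
            + b"\x00" * 4 + struct.pack("!I", 28))

# Constructed capture: (src_port, dst_port, udp_payload); 40000/40001 are made-up NAT ports.
SAMPLE = [
    (40000, 500, _isakmp()),
    (40001, 4500, NON_ESP_MARKER + _isakmp()),
    (40001, 4500, b"\xff"),
    (4500, 40001, struct.pack("!II", 0x1000ABCD, 1) + b"\x00" * 16),
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt[0], "->", pkt[1], classify(*pkt))
    print("floated to 4500:", floated_to_4500(SAMPLE))
```

If a capture shows only `ike-500` labels while a NAT device sits between the peers, check that NAT-T is enabled on both gateways and that intermediate devices permit UDP 4500.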
Purpose: Configuration