PrepAway - Latest Free Exam Questions & Answers

The NAT traversal definition:


Answer: See the explanation

Explanation:
BD
NAT-T (NAT Traversal)
If both peers support NAT-T, and if they detect that they are connecting to each other through a Network
Address Translation (NAT) device (translation is happening), they may negotiate that they want to put a fake
UDP port 4500 header on each IPsec packet (before the ESP header) to survive a NAT device that otherwise
may have a problem tracking an ESP session (Layer 4 protocol 50).
Source: Cisco Official Certification Guide, Table 7-2 Protocols That May Be Required for IPsec, p.153
Also a good reference
Source: https://supportforums.cisco.com/document/64281/how-does-nat-t-work-ipsec

3 Comments on “The NAT traversal definition:”

  1. Tard says:

    What is the effect of the ASA command crypto isakmp nat-traversal?
    A. It opens port 4500 only on the outside interface
    B. It opens port 4500 only on all interfaces that are IPSec enabled
    C. It opens port 500 only on the inside interface
    D. It opens port 500 only on the outside interface
    Answer: B




  2. Tard says:

    Which port should (or would) be open if VPN NAT-T was enabled
    A. port 4500 outside interface
    B. port 4500 in all interfaces where ipsec uses
    C. port 500
    D. port 500 outside interface

    Answer: B




