What is NAT-Traversal and how do I rule out problems with NAT-Traversal?

IPsec VPN uses a different protocol (ESP) for the actual data transfer than for establishing the connection (IKE). Since the ESP protocol does not use network ports, NAT (Network Address Translation) routers may have difficulties handling it correctly. Only NAT routers that support "IPSec Passthrough" (sometimes also named "VPN Passthrough" or "ESP Passtrhough") and where this option is also enabled, can handle ESP data packets.

To work around this problem, two alternative tunneling methods exist:

NAT-Traversal (old, RFC draft version)
NAT-Traversal (new, RFC standard version)

Which of these methods will work with your connection depends on two properties:

Which of these methods allows traffic to pass through your local Internet router.
Which of these methods are supported by your VPN remote gateway.

To test for the first property, VPN Tracker will automatically establish three VPN test connections to a VPN gateway hosted by us whenever it detects a new router that has not been tested before. One connection uses plain ESP, the other two either NAT-T method mentioned above. It will remember the test results for this router and take them into account whenever you start a connection from the network location. The reason we are testing with our own gateway is simply that the test requires a gateway supporting all three methods, with a known configuration and a simply way to verify if traffic did arrive at that gateway.

The second property is not tested in advance, VPN Tracker will become aware of that information when it actually tries to connect to your VPN gateway. VPN Tracker will compare the methods your gateway supports with the stored test results. If there is a match, a method that your gateway supports and that was also working during the test, this method will be used. If there is no match, VPN Tracker will immediately stop and show an appropriate error in the log, explaining the situation.

If you suspect a NAT-Traversal issue or you think the previous test results may be wrong or outdated, simply re-run the test:

‣ Make sure NAT-Traversal (Advanced tab) is set to Automatic
‣ Go to "Tools" > "Test VPN Availability"
‣ Click "Test Again"
‣ Wait until the test has completed, then connect to your VPN

The test dialog also allows you to tell VPN Tracker to not test the current location and forget any previously created test results. This is rarely needed and also not recommended but there might be situation where the test results are wrong because access to our VPN gateway is not possible (e.g. it is blocked) and thus the test result are just bogus and say nothing about the true capabilities of your VPN gateway.

Your browser currently doesn't support JavaScript! Please activate Javascript in the settings of the browser.

Wünsch dir was!

If you have any idea or request for next product versions - or just want to add your two cents, please enter your request here.
Please do not use this form for submitting your support inquiries or questions you will need any (quick) reply. Thank you!

Your name

Your email address

I hereby acknowledge that this web form is only provided for non-binding inquiries and to obtain information. It can not be used for legal electronic communication with equinux AG or its subsidiary companies. This also applies to familiar email addresses of equinux AG and its subsidiary companies. I agree with the storage of my data according to the privacy policy. This agreement can be revoked at any time. *

abschicken

Product

Name

E-Mail

equinux ID

Subject

Order number

Please complete all fields marked with a *.

Submit message

Your direct line to the equinux TARMAC team

Our TARMAC team is ready and waiting:
tarmac@equinux.com or by Telephone +49 (0)89 / 520 465-222

Choose your Timezone:

Interested in our products?

You're interested in equinux products and have additional questions regarding your purchase or product activation?
The equinux Sales Team is here to help: Call or chat with us,

Phone

From USA and Canada:		1-888-equinux (378-4689)
Other countries:		+49-89-520 465-280

Heute: VPN Tracker Expert Day

Fetching date/time...
Timezones: Berlin, Brussels, Copenhagen, Madrid, Paris

Nächster Expert Day

Fetching date/time...
Timezones: Berlin, Brussels, Copenhagen, Madrid, Paris

Please select your product
Select your product to view all available manuals and guides for your product.

MediaCentral 2.8.10 Manual

published: 19.09.2014

open

CoverScout 3.6.7 Manual

published: 17.10.2016

open

CoverScout 2.3.10 Manual

published: 24.10.2008

open

Manual

iSale 5.9.11 Manual

published: 15.02.2016

open

TubeStick Hybrid Quick Start Guide

published: 29.05.2009

open

TubeStick Quick Start Guide

published: 23.03.2011

open

SongGenie 2.2.7 Manual

published: 24.05.2016

open

SongGenie 1.2.1 Manual

published: 11.11.2009

open