These techniques are typically required for client-to-client networking applications, especially peer-to-peer and Voice-over-IP (VoIP) deployments. Many techniques exist, but no single technique works in every situation, since NAT behavior is not standardized. Many techniques require assistance from a server at a publicly routable IP address. Some methods use the server only when establishing the connection (such as STUN), while others relay all the data through it (such as TURN), which adds bandwidth costs and increases latency, both detrimental to real-time VoIP applications.
Almost by definition, NAT techniques break end-to-end transparency. Intercepting and modifying traffic can only be performed transparently in the absence of secure encryption and authentication. Most NAT behavior-based techniques bypass enterprise security policies. Enterprise security experts prefer techniques that explicitly cooperate with NAT and firewalls, allowing NAT traversal while still enabling marshalling at the NAT to enforce enterprise security policies. From this point of view, the most promising IETF standards are Realm-Specific IP (RSIP) and Middlebox Communications (MIDCOM).
SOCKS, the oldest NAT traversal protocol, is still widely available. In home/SOHO settings, Universal Plug and Play (UPnP) is supported by most small NAT gateways. NAT-T is commonly used by IPsec VPN clients in order to have ESP packets traverse NAT.
In order for IPsec to work through a NAT, the following need to be allowed on the firewall:
or, in case of NAT-T:
Often this is accomplished on home routers by enabling "IPsec Passthrough".
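A firewall or intrusion-detection system that passes NAT-T has to tell the three kinds of traffic on UDP port 4500 apart, so here is an added example (not part of the original article) that classifies a NAT-T datagram's UDP payload as laid out in RFC 3948: a four-byte zero non-ESP marker precedes IKE, any other leading value is an ESP SPI (SPI 0 is reserved so the two cannot collide), and a lone 0xFF byte is a NAT keepalive. The function name and the sample datagrams are constructed for this illustration.

```python
import struct

# RFC 3948 UDP encapsulation: a four-byte zero "non-ESP marker" precedes
# IKE, anything else starts with an ESP SPI, and a single 0xFF byte is
# a NAT keepalive.
NON_ESP_MARKER = b"\x00\x00\x00\x00"
NAT_KEEPALIVE = b"\xff"
# IKE header: SPIi, SPIr, next payload, version, exchange type, flags,
# message ID, length (RFC 7296 section 3.1 layout, also used by IKEv1).
IKE_HEADER = struct.Struct("!8s8sBBBBII")


def classify_nat_t_payload(payload: bytes) -> dict:
    """Classify the UDP payload of one NAT-T (port 4500) datagram.

    Returns a dict whose 'kind' is 'keepalive', 'ike', 'esp' or 'invalid',
    plus the header fields a firewall or IDS would want to log.
    """
    if payload == NAT_KEEPALIVE:
        return {"kind": "keepalive"}
    if len(payload) < 8:
        return {"kind": "invalid", "reason": "shorter than an ESP header"}
    if payload.startswith(NON_ESP_MARKER):
        ike = payload[len(NON_ESP_MARKER):]
        if len(ike) < IKE_HEADER.size:
            return {"kind": "invalid", "reason": "truncated IKE header"}
        spi_i, spi_r, _nxt, ver, exch, flags, msg_id, length = IKE_HEADER.unpack_from(ike)
        return {
            "kind": "ike",
            "initiator_spi": spi_i.hex(),
            "responder_spi": spi_r.hex(),
            "major_version": ver >> 4,
            "exchange_type": exch,
            "flags": flags,
            "message_id": msg_id,
            # the IKE length field covers the IKE message only, not the marker
            "length_ok": length == len(ike),
        }
    spi, seq = struct.unpack("!II", payload[:8])  # ESP: SPI then sequence number
    return {"kind": "esp", "spi": spi, "sequence": seq}


# Constructed sample datagrams (not real captures).
SAMPLE_KEEPALIVE = NAT_KEEPALIVE
SAMPLE_IKE = NON_ESP_MARKER + IKE_HEADER.pack(
    bytes.fromhex("0123456789abcdef"), bytes(8),  # initiator SPI, responder SPI unset
    0, 0x20, 34, 0x08, 0, IKE_HEADER.size)        # header only, IKEv2, IKE_SA_INIT, initiator
SAMPLE_ESP = struct.pack("!II", 0xC0FFEE01, 7) + bytes.fromhex("deadbeef" * 4)

if __name__ == "__main__":
    for name, pkt in [("keepalive", SAMPLE_KEEPALIVE), ("ike", SAMPLE_IKE), ("esp", SAMPLE_ESP)]:
        print(name, classify_nat_t_payload(pkt))
```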
The default behavior of Windows XP SP2 was changed to no longer have NAT-T enabled by default, because of a rare and controversial security issue. This prevents most home users from using IPsec without making adjustments to their settings. To enable NAT-T for systems behind NATs to communicate with other systems behind NATs, the following registry value needs to be added and set to 2: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPsec\AssumeUDPEncapsulationContextOnSendRule
IPsec NAT-T patches are also available for Windows 2000, Windows NT and Windows 98.
One usage of NAT-T and IPsec is to enable opportunistic encryption between systems. NAT-T allows systems behind NATs to request and establish secure connections on demand.