These techniques are typically required for client-to-client networking applications, especially peer-to-peer and Voice-over-IP (VoIP) deployments. Many techniques exist, but no technique works in every situation since NAT behavior is not standardized. Many techniques require assistance from a computer server at a publicly-routable IP address. Some methods use the server only when establishing the connection (such as STUN), while others are based on relaying all the data through it (such as TURN), which adds bandwidth costs and increases latency, detrimental to real-time VoIP applications.
Almost by definition, NAT traversal techniques break end-to-end transparency. Intercepting and modifying traffic can be done transparently only when that traffic is not protected by encryption and authentication. Most techniques that exploit NAT behavior (hole punching and the like) also bypass enterprise security policy. Enterprise security practitioners prefer techniques that explicitly cooperate with the NAT and firewall, allowing traversal while still letting the middlebox inspect the traffic and enforce policy on it. From this point of view, the most promising IETF standards are Realm-Specific IP (RSIP) and Middlebox Communications (MIDCOM).
SOCKS, the oldest NAT traversal protocol, is still widely available. In home/SOHO settings, Universal Plug and Play (UPnP) is supported by most small NAT gateways. NAT-T (UDP encapsulation of IPsec ESP, RFC 3948, negotiated in IKE per RFC 3947) is commonly used by IPsec VPN clients so that ESP packets can traverse a NAT.
In order for IPsec to work through a NAT, the firewall needs to allow IKE (UDP port 500) and ESP (IP protocol 50). In the case of NAT-T, it needs to allow IKE (UDP port 500) and the UDP-encapsulated IKE and ESP traffic on UDP port 4500 instead of raw ESP.
Often this is accomplished on home routers by enabling "IPsec Passthrough", a NAT helper that tracks the ESP flow even though ESP carries no port numbers for the NAT to translate.
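The three traffic classes above are easy to confuse on the wire, and the reason NAT-T exists is visible in the packets themselves: ESP has no transport ports, so a port-based NAT has nothing to key its translation on, while the UDP-encapsulated form on port 4500 restores a normal 5-tuple. The following is an added example (not code from the original article or from any NAT or IPsec implementation) that builds constructed IPv4 packets and classifies them the way a firewall policy must, using the RFC 3948 rules for port 4500: a packet whose first four bytes are zero is IKE behind a non-ESP marker (SPI 0 is reserved, so this cannot be ESP), a one-byte 0xFF payload is a NAT keepalive, and anything else is encapsulated ESP. Packet layouts, addresses and the `firewall_allows` policy split are assumptions for the demonstration.

```python
"""Classify IPsec-related IPv4 packets (native vs. NAT-T) for a firewall policy.

Added example; packets below are constructed, not captured.
"""
import ipaddress
import struct

IP_PROTO_UDP = 17
IP_PROTO_ESP = 50
IP_PROTO_AH = 51
IKE_PORT = 500
NAT_T_PORT = 4500
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948 s2.2: prefix of IKE on port 4500
NAT_T_KEEPALIVE = b"\xff"             # RFC 3948 s2.3: one-byte keepalive


def _checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum (IPv4 header)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    """Minimal IPv4 header (no options) with a valid checksum around payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_udp(sport: int, dport: int, payload: bytes) -> bytes:
    """UDP header; checksum 0 is permitted over IPv4."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def parse_ipv4(pkt: bytes):
    """Return (proto, src, dst, payload); raise ValueError on a malformed header."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or len(pkt) < ihl or total_len < ihl or total_len > len(pkt):
        raise ValueError("bad length fields")
    if _checksum(pkt[:ihl]) != 0:
        raise ValueError("bad header checksum")
    src = str(ipaddress.IPv4Address(pkt[12:16]))
    dst = str(ipaddress.IPv4Address(pkt[16:20]))
    return pkt[9], src, dst, pkt[ihl:total_len]


def classify(pkt: bytes) -> str:
    """One of: ike, esp, ah, nat-t-ike, nat-t-esp, nat-t-keepalive, other."""
    proto, _src, _dst, payload = parse_ipv4(pkt)
    if proto == IP_PROTO_ESP:
        return "esp"
    if proto == IP_PROTO_AH:
        return "ah"
    if proto != IP_PROTO_UDP or len(payload) < 8:
        return "other"
    sport, dport, ulen, _csum = struct.unpack("!HHHH", payload[:8])
    if ulen < 8 or ulen > len(payload):
        return "other"
    data = payload[8:ulen]
    if IKE_PORT in (sport, dport):
        return "ike"
    if NAT_T_PORT not in (sport, dport):
        return "other"
    # Port 4500 multiplexes three things; the leading bytes disambiguate them.
    if data == NAT_T_KEEPALIVE:
        return "nat-t-keepalive"
    if data[:4] == NON_ESP_MARKER:
        return "nat-t-ike"
    if len(data) >= 8:  # ESP header is SPI (non-zero) + sequence number
        return "nat-t-esp"
    return "other"


def nat_flow_key(pkt: bytes):
    """What a plain port-based NAT can use to identify the flow.

    ESP and AH carry no transport ports, so the NAT gets None: it cannot tell
    two inside hosts talking to the same gateway apart. UDP encapsulation
    restores the 5-tuple, which is the whole point of NAT-T.
    """
    proto, src, dst, payload = parse_ipv4(pkt)
    if proto == IP_PROTO_UDP and len(payload) >= 8:
        sport, dport = struct.unpack("!HH", payload[:4])
        return (proto, src, sport, dst, dport)
    return None


def firewall_allows(pkt: bytes, nat_t: bool) -> bool:
    """Assumed policy: native IKE+ESP without NAT-T, IKE+UDP/4500 with it."""
    kind = classify(pkt)
    if nat_t:
        return kind in ("ike", "nat-t-ike", "nat-t-esp", "nat-t-keepalive")
    return kind in ("ike", "esp")
```

Run `classify` over each constructed packet type to see the split; the interesting case is `nat_flow_key`, which returns `None` for native ESP and a full 5-tuple for the same ESP payload once it is wrapped in UDP/4500.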
The default behavior of Windows XP SP2 was changed so that NAT-T is no longer enabled by default, because of a rare and controversial security issue. This prevents most home users from using IPsec without adjusting their settings. To enable NAT-T for systems behind NATs to communicate with other systems behind NATs, the following registry value (a DWORD) needs to be added and set to 2: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPsec\AssumeUDPEncapsulationContextOnSendRule. A value of 1 permits security associations only with a remote server behind a NAT, while 2 permits them when both peers are behind NATs; the change takes effect after a reboot. On Windows Vista and later the same value is read from the Services\PolicyAgent key instead of Services\IPsec.
IPsec NAT-T patches are also available for Windows 2000, Windows NT and Windows 98.
One usage of NAT-T and IPsec is to enable opportunistic encryption between systems. NAT-T allows systems behind NATs to request and establish secure connections on demand.