nat-t port 4500 - performance
Muhammad.A.Imam@gmail.com
02-04-08, 06:14 PM
Hi,
I have read at a few places that by floating the port to 4500 in case
of NAT-T, it improves performance. I searched the net but couldn't find
a reason why the UDP encapsulation of ESP data packets is more
efficient on port 4500 than 500.
Can anyone share his/her thoughts on this?
Thanks
Muhammad Imam
Ansgar -59cobalt- Wiechers
02-04-08, 06:59 PM
Muhammad.A.Imam@gmail.com wrote:
> I have read at a few places that by floating the port to 4500 in case
> of NAT-T, it improves performance. I searched the net but couldn't find
> a reason why the UDP encapsulation of ESP data packets is more
> efficient on port 4500 than 500.
>
> Can anyone share his/her thoughts on this?
Nonsense.
cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
VANHULLEBUS Yvan
02-06-08, 09:14 AM
Muhammad.A.Imam@gmail.com writes:
> Hi,
>
> I have read at a few places that by floating the port to 4500 in case
> of NAT-T, it improves performance. I searched the net but couldn't find
> a reason why the UDP encapsulation of ESP data packets is more
> efficient on port 4500 than 500.
>
> Can anyone share his/her thoughts on this?
There *may* be a reason:
some old routers used some "IKE proxies" to try to allow IPSec
traffic to pass through their NAT.
If your encapsulated IPSec flow passes through such a proxy (using
NAT-T drafts 00-01), it may slow the tunnel down, and jumping to port
4500 will do its job: skip the proxy.
Yvan.