Udp Statistics; Figure 26: L2Tp Control Frame With Nat-T Udp Encapsulation; Figure 27: L2Tp Data Frame With Nat-T Udp Encapsulation; Figure 28: Ike Packet With Nat-T Udp Encapsulation - Juniper IP SERVICES - CONFIGURATION GUIDE V 11.1.X Configuration Manual

Ip services configuration guide
Table of Contents

Advertisement

JUNOSe 11.1.x IP Services Configuration Guide
Figure 26 on page 294 shows an L2TP control frame encapsulated with a NAT-T UDP
header. The shaded area shows the portion of the frame that is encrypted by IPSec.

Figure 26: L2TP Control Frame with NAT-T UDP Encapsulation

Figure 27 on page 294 shows an L2TP data frame encapsulated with a NAT-T UDP
header. The shaded area shows the portion of the frame that is encrypted by IPSec.

Figure 27: L2TP Data Frame with NAT-T UDP Encapsulation

Additionally, IKE packets transmitted during the IKE SA negotiation process are
encapsulated with a NAT-T UDP header, and include a non-ESP marker to distinguish
them from standard ESP control and data frames. Figure 28 on page 294 shows an
IKE packet encapsulated with a NAT-T UDP header.

Figure 28: IKE Packet with NAT-T UDP Encapsulation

Only frames that use the ESP encryption and authentication protocol can be
UDP-encapsulated. Frames that use authentication header (AH) cannot be
UDP-encapsulated; therefore, NAT-T is not supported for L2TP/IPSec connections that
use AH.
For more detailed information about encapsulation and other IPSec security
parameters, see "Configuring IPSec" on page 125.

UDP Statistics

When NAT-T is enabled, UDP-encapsulated IPSec packets arriving and leaving the
router look like standard UDP packets. However, the router does not forward these
294
L2TP/IPSec Tunnels

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the IP SERVICES - CONFIGURATION GUIDE V 11.1.X and is the answer not in the manual?

Subscribe to Our Youtube Channel

This manual is also suitable for:

Junose 11.1.x ip servicesJunose v 11.1

Table of Contents