NAT traversal in VPNs
NAT traversal (NAT-T) prevents intermediary devices from applying NAT to VPN communications if NAT is found to prevent the communications from working.
NAT traversal encapsulates the IKE and IPsec communications inside UDP packets. The NAT-T encapsulation option does not affect mobile VPNs. NAT-T is always active in mobile VPNs.
Note: This option is included for backward compatibility with legacy NGFW software versions.
Encapsulation is not always necessary. Usually, you can define Contact Addresses so that the VPN works even when NAT is applied. The encapsulation options are activated in the endpoint properties in the Engine Editor or in the External VPN Gateway element.