
NSE4 Question #330: Real Exam Question with Answer & Explanation

The correct answer is A: To detect intermediary NAT devices in the tunnel path. NAT traversal (NAT-T) in IPsec is used to detect intermediary NAT devices in the tunnel path and to encapsulate ESP packets in UDP packets using port 4500 to pass through NAT.

Submitted by yousef_jo · Apr 18, 2026 · VPN and Routing

Question

What are the purposes of NAT traversal in IPsec? (Choose two.)

Options

  • A. To detect intermediary NAT devices in the tunnel path.
  • B. To encapsulate ESP packets in UDP packets using port 4500.
  • C. To force a new DH exchange with each phase 2 re-key.
  • D. To dynamically change phase 1 negotiation mode to Aggressive.

Explanation

NAT traversal (NAT-T) in IPsec is used to detect intermediary NAT devices in the tunnel path and to encapsulate ESP packets in UDP packets using port 4500 to pass through NAT.

Common mistakes.

  • C. NAT-T does not force a new Diffie-Hellman (DH) exchange with each Phase 2 re-key; DH exchanges are typically for Phase 1 key establishment.
  • D. NAT-T does not dynamically change the Phase 1 negotiation mode; it typically operates with Main Mode and adjusts how packets are encapsulated for NAT compatibility.

Concept tested. IPsec NAT traversal (NAT-T) mechanism

Reference. https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/339241/vpn-across-a-nat-device

Topics

#IPsec #NAT Traversal (NAT-T) #VPN #UDP encapsulation
