Cloudflare WAN, Magic Transit - NAT-T support for IKE on UDP port 500
1mo ago
Source: Cloudflare (cloudflare.com)

Cloudflare IPsec now supports the standard NAT traversal (NAT-T) flow, where IKE begins on UDP port 500 and switches to UDP port 4500 after NAT is detected.

Previously, devices behind NAT had to be configured to initiate IKE on UDP port 4500 directly. Devices that started on UDP port 500 could not complete the IKE handshake when NAT was in the path. This required custom configuration on devices such as VeloCloud SD-WAN edges, Cisco IOS-XE routers, and Juniper SRX firewalls, and was not possible on every platform.

What changed:

- Devices behind NAT can now initiate IKE on either UDP port 500 or UDP port 4500.
- Devices that start IKE on UDP port 500 and switch to UDP port 4500 after NAT detection now complete the handshake successfully.
- No configuration change is required on Cloudflare. The change is available for all IPsec tunnels on Cloudflare WAN and Magic Transit.

This change does not affect existing tunnels:

- Tunnels using UDP port 500 with no NAT detected continue to operate as before.
- Tunnels configured to start IKE on UDP port 4500 continue to operate as before.
- NAT detection logic is unchanged.

For configuration details, refer to GRE and IPsec tunnels.
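The port switch described above follows from IKEv2 NAT detection as specified in RFC 7296 section 2.23. The sketch below is an added example, not Cloudflare's code: it shows the hash comparison a peer performs and the resulting port and framing choice. The function names, SPI and addresses are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

IKE_PORT = 500                 # where the standard NAT-T flow starts
NAT_T_PORT = 4500              # where IKE continues once NAT is detected
NON_ESP_MARKER = b"\x00" * 4   # prepended to IKE messages sent on UDP 4500


def nat_detection_hash(spi_i: bytes, spi_r: bytes, ip: str, port: int) -> bytes:
    """NAT_DETECTION_*_IP payload data: SHA-1(SPIi | SPIr | IP | port)."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 bytes")
    addr = ipaddress.ip_address(ip).packed  # 4 bytes for IPv4, 16 for IPv6
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()


def nat_in_path(spi_i: bytes, spi_r: bytes, claimed_hash: bytes,
                seen_ip: str, seen_port: int) -> bool:
    """Receiver check: the sender hashed the address it believes it has.
    If the address the packet actually arrived from hashes differently,
    something rewrote the IP or port in transit."""
    return claimed_hash != nat_detection_hash(spi_i, spi_r, seen_ip, seen_port)


def next_ike_port(nat_detected: bool, current_port: int) -> int:
    """Float to 4500 after detection; a peer already on 4500 stays there."""
    if current_port == NAT_T_PORT or nat_detected:
        return NAT_T_PORT
    return IKE_PORT


def frame_ike(message: bytes, port: int) -> bytes:
    """On UDP 4500 the four zero bytes distinguish IKE from UDP-encapsulated ESP."""
    return NON_ESP_MARKER + message if port == NAT_T_PORT else message


if __name__ == "__main__":
    # Constructed sample: initiator at a private address, seen behind a NAT.
    spi_i, spi_r = bytes.fromhex("1122334455667788"), bytes(8)  # SPIr is 0 in the first request
    claimed = nat_detection_hash(spi_i, spi_r, "192.168.1.10", IKE_PORT)
    detected = nat_in_path(spi_i, spi_r, claimed, "203.0.113.7", 31522)
    port = next_ike_port(detected, IKE_PORT)
    print(detected, port, frame_ike(b"IKE_AUTH...", port)[:4].hex())
```

When troubleshooting a tunnel, a packet capture showing the first exchange on UDP 500 followed by traffic on UDP 4500 with the four-byte zero prefix indicates NAT was detected and the peers switched ports as expected.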