
NAT Traversal (NAT-T) Technology

What Is NAT Traversal?

Network Address Translation (NAT) is a technology for connecting multiple devices to a single external IP address. Most ADSL modems, firewalls, and mobile operators perform network address translation. It happens in most homes, hotels, offices, and mobile data connections without users being aware of it.

NAT Traversal refers to techniques for making applications, such as voice-over-IP and multi-player games, work across devices that perform network address translation.

Help to Make Access Work through NAT & Firewall

If you have problems getting games or telephony applications working across a NAT or firewall, the following links may be helpful.

Information for Developers

The following links may be useful for developers. This listing is for information only, not an endorsement or forbearance.

NAT Traversal Technology

Technology for NAT Traversal falls into a few categories:

  • IETF Standards for UDP: STUN, TURN, ICE. These standards are extremely widely used, including in most smartphones, tablets, laptops, and games. There are also many proprietary variations of the same technology.
  • Interacting with the NAT device to open a port: UPnP IGDP, NAT-PMP, PCP. The problem with these approaches is that 1) they need special support from the NAT device, and 2) they do not work across multiple NATs, which is a common scenario, especially with mobile hotspots.
  • Forwarding gateway at the NAT device: SOCKS. These require special support from both the firewall and application and are generally only used with some enterprise firewalls.
  • Application layer gateways (ALG) in firewalls.

Of these alternatives, only the IETF standardized NAT traversal solutions and their proprietary variations work with all NATs in all networks - even when multiple NATs are present and the types or features of each NAT are not known. What's more important, they work automatically, without manual configuration.

SSH's Role in the Development of NAT Traversal

SSH Communications Security was active in the development of NAT traversal technologies. The modern way of doing NAT traversal - now standardized in STUN, TURN, ICE, SIP-outbound, and many others - was invented by Tatu Ylonen and Tero Kivinen in 1997-1998 and patented by SSH.

The SSH-invented NAT Traversal technology is the only known, practical way of reliably communicating across NAT, and NATs are ubiquitous on the Internet.

Today, the technology is extremely widely used in smartphones, tablets, laptops, IP telephones, smart TVs, and multi-player games.

Patents and Licensing

SSH Communications Security owns several patents on NAT Traversal. Most of the patents are valid until approximately 2020. The patents are available for licensing. SSH is actively enforcing its patents against some of the larger players in the relevant fields.



