NAT Traversal (NAT-T) Technology

What Is NAT Traversal?

Network Address Translation (NAT) is a technology for connecting multiple devices to a single external IP address. Most ADSL modems, firewalls, and mobile operators perform network address translation. It happens in most homes, hotels, offices, and mobile data connections without users knowing of it.

NAT Traversal refers to techniques for making applications, such as voice-over-IP and multi-player games, work across devices that perform network address translation.

How to get access via NAT and firewalls

If you have problems getting games or telephony applications working over NAT and firewalls, the following links may be helpful:

Information for developers

The following links may be useful for developers. This listing is for information only, not an endorsement:

NAT Traversal Technology

Technology for NAT Traversal falls into a few categories:

  • IETF Standards for UDP: STUN, TURN, ICE. These standards are extremely widely used, including most smartphones, tablets, laptops, and games. There are also many proprietary variations of the same technology.

  • Interacting with NAT device to open a port: UPnP IGDP, NAT-PMP, PCP. The problem with these approaches is that 1) they need special support from the NAT device, and 2) they do not work across multiple NATs, which is a common scenario especially with mobile hotspots.

  • Forwarding gateway at the NAT device: SOCKS. These require special support from both the firewall and application and are generally only used with some enterprise firewalls.

  • Application layer gateways (ALG) in firewalls.

Of these alternatives, only the IETF standardized NAT traversal solutions and their proprietary variations work with all NATs in all networks - even when multiple NATs are present and the types or features of each NAT are not known. What's more important, they work automatically, without manual configuration.

SSH.COM and our role in the development of NAT Traversal

SSH Communications Security was active in the development of NAT Traversal technologies. The modern way of doing NAT traversal - now standardized in STUN, TURN, ICE, SIP-outbound, and many others - was invented by Tatu Ylonen and Tero Kivinen in 1997-1998 and patented by SSH Communications Security.

The SSH-invented NAT Traversal technology is the only known, practical way of reliably communicating across NAT, and NATs are ubiquitous on the Internet.

Today, the technology is extremely widely used in smartphones, tablets, laptops, IP telephones, smart TVs, and multiplayer games.

Patents and Licensing

SSH Communications Security owns several patents on NAT Traversal. Most of the patents are valid until approximately 2020. The patents are available for licensing. SSH.COM actively enforces its patents against some of the larger players in the relevant fields.