Secure Mobile Access 12.4 Administration Guide

ESP Mode

Encapsulating Security Payload (ESP) is a way to encapsulate and decapsulate packets inside a UDP wrapper (port 4500) so that they can traverse NATs. Using it can improve the performance of UDP-streaming applications such as VoIP. For more information on ESP, see RFCs 2406 and 3948:

http://www.ietf.org/rfc/rfc2406.txt

http://www.ietf.org/rfc/rfc3948.txt

ESP encapsulation is the default setting for newly defined communities. When ESP is in use, UDP port 4500 must be open in network firewalls for traffic to and from the appliance's external IP addresses and virtual IP addresses.

When enabled, ESP use is automatically negotiated between a client and the SMA appliance. You can choose to use it for all traffic or just UDP traffic; if ESP fails or if the client does not support it, then the SSL tunnel is automatically used instead. The User Sessions page in AMC indicates which type of tunnel is being used.

The log files also indicate which tunnel was used: log messages will indicate UDP port 4500 packets for ESP traffic and TCP port 443 packets for SSL tunnel packets.
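To confirm from a packet capture what is travelling on UDP port 4500, the payloads can be classified by their first bytes. The following is an added example, not code from the product or this guide; it assumes the port 4500 traffic follows the RFC 3948 framing cited above, and the function names and sample payloads are constructed for illustration.

```python
import struct
from collections import Counter

def classify_udp4500_payload(payload: bytes) -> dict:
    """Classify one UDP payload from port 4500 using RFC 3948 framing."""
    # NAT-keepalive: a single 0xFF octet (RFC 3948 section 2.3).
    if payload == b"\xff":
        return {"kind": "nat-keepalive"}
    if len(payload) < 4:
        return {"kind": "malformed"}
    # IKE on port 4500 is prefixed by the four-zero-octet non-ESP marker
    # (section 2.2); an ESP SPI is never zero, so the two cannot collide.
    if payload[:4] == b"\x00\x00\x00\x00":
        return {"kind": "ike", "ike_len": len(payload) - 4}
    # Otherwise the payload starts with the ESP header: SPI, then sequence
    # number, both 32-bit big-endian (RFC 2406), followed by ciphertext.
    if len(payload) < 8:
        return {"kind": "malformed"}
    spi, seq = struct.unpack("!II", payload[:8])
    return {"kind": "esp", "spi": spi, "seq": seq, "data_len": len(payload) - 8}

def summarize(payloads) -> dict:
    """Count payload kinds and report whether any ESP data was seen."""
    results = [classify_udp4500_payload(p) for p in payloads]
    counts = Counter(r["kind"] for r in results)
    spis = sorted({r["spi"] for r in results if r["kind"] == "esp"})
    return {"counts": dict(counts), "spis": spis, "esp_in_use": counts["esp"] > 0}

# Constructed sample payloads (not captured from a real appliance).
SAMPLE_PAYLOADS = [
    b"\xff",                                           # NAT-keepalive
    b"\x00\x00\x00\x00" + b"\x11" * 28,                # non-ESP marker + IKE
    struct.pack("!II", 0xC0FFEE01, 1) + b"\xaa" * 32,  # ESP, sequence 1
    struct.pack("!II", 0xC0FFEE01, 2) + b"\xbb" * 48,  # ESP, sequence 2
    b"\x12\x34",                                       # truncated datagram
]

if __name__ == "__main__":
    print(summarize(SAMPLE_PAYLOADS))
```

If a client's capture shows no `esp` payloads on port 4500 while its session carries traffic, that is consistent with the fallback to the SSL tunnel on TCP port 443 described above.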

Under Configure Realm > Configure Community > Advanced > ESP mode, select the Enable ESP encapsulation of tunnel network traffic checkbox to improve the performance of the application, then choose one of the following options:

  • Use for all network traffic
  • Use for UDP traffic only
