NAT Traversal – This method still uses 500/udp for IKE negotiation, but then tunnels IPSec data traffic within 4500/udp packets. This is the default method for UDP tunneling with the Cisco VPN client
IPSec over UDP – This method still uses 500/udp for IKE negotiation, but then tunnels IPSec data traffic within a pre-defined UDP port. The default port for this traffic is 10000/udp.
IPSec over TCP – This method tunnels both the IKE negotiation and IPSec data traffic within a pre-defined TCP port. The default port for this traffic is 10000/tcp. This is the only method that tunnels both IKE and IPSec within the same stream.