ESP (Encapsulating Security Payload) is IP protocol 50, meaning it is not based on TCP or UDP, and it is used to encrypt the important data. It is a member of the IPsec protocol suite. Keep in mind that it is not port based, so it cannot be NAT’ed through a router. NAT’ing involves manipulating the IP header and the TCP/UDP ports, and this poses a problem for ESP, which has no ports.
IPsec uses ESP to take the original IP information and securely encapsulate it via encryption. This prevents network sniffers from uncovering the original IP address information while the packet is en route.
The NAT issue above is resolved by using NAT-T (NAT-Traversal), which wraps ESP in a UDP packet so that the packet now has a source and destination port.
ISAKMP on UDP port 500 is used first to establish communication, and then the data of the actual call uses IPsec port 4500 (ipsec-nat-t).
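The following is an added example, not part of the original page: a small classifier that labels a raw IPv4 packet by which of the encapsulations described above it uses, as you might when triaging a capture or checking what a firewall rule needs to permit. It goes slightly beyond the text by also recognising the two other things RFC 3948 defines on UDP port 4500 (the four zero-byte non-ESP marker that precedes IKE messages, and the one-byte `0xFF` keepalive); the names `classify`, `ipv4`, `udp` and `SAMPLES` are hypothetical and the sample packets are constructed.

```python
import struct

ESP_PROTO, UDP_PROTO = 50, 17          # IP protocol numbers
ISAKMP_PORT, NAT_T_PORT = 500, 4500    # UDP ports named on this page

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet by how it carries IPsec traffic."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4       # IP header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    proto, body = packet[9], packet[ihl:]
    if proto == ESP_PROTO:
        # Native ESP: SPI + sequence number follow the IP header, no ports.
        return "esp-native" if len(body) >= 8 else "malformed"
    if proto != UDP_PROTO:
        return "other"
    if len(body) < 8:
        return "malformed"
    sport, dport, ulen, _csum = struct.unpack("!HHHH", body[:8])
    if not 8 <= ulen <= len(body):
        return "malformed"
    payload = body[8:ulen]
    if NAT_T_PORT in (sport, dport):
        if payload == b"\xff":
            return "nat-t-keepalive"   # RFC 3948 one-byte keepalive
        if payload[:4] == b"\x00" * 4:
            return "ike-over-nat-t"    # non-ESP marker, IKE message follows
        return "esp-in-udp" if len(payload) >= 8 else "malformed"
    if ISAKMP_PORT in (sport, dport):
        return "isakmp"
    return "other-udp"

# --- constructed sample packets (checksums left at 0 and not verified) ---
def ipv4(proto: int, payload: bytes) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1])) + payload

def udp(sport: int, dport: int, payload: bytes) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

ESP_BODY = struct.pack("!II", 0x1000ABCD, 1) + b"\x00" * 16  # SPI, seq, dummy data
SAMPLES = {
    "native": ipv4(ESP_PROTO, ESP_BODY),
    "ike500": ipv4(UDP_PROTO, udp(500, 500, b"\x11" * 28)),
    "natt_esp": ipv4(UDP_PROTO, udp(4500, 4500, ESP_BODY)),
    "natt_ike": ipv4(UDP_PROTO, udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28)),
    "keepalive": ipv4(UDP_PROTO, udp(4500, 4500, b"\xff")),
}
```

Only the `esp-native` case lacks a UDP header, which is why it is the one a port-rewriting NAT device has nothing to work with.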