What is the use of NAT keep-alive in IPsec VPN?
I have searched and it said that it maintains the NAT translation between 2 peers, but I don't understand what that means.
If a NAT device is detected between the VPN peers, NAT-T is used and all IPsec packets are encapsulated with an additional UDP header. If the VPN is idle, the NAT device may clear the translation. For example, SRX will clear idle UDP connections after 60s. When new traffic is generated, the NAT device will establish a different translation with a different IP/port. This will break the VPN.
For more details, look for "keepalive" in the following RFCs
Some additional information: "NAT keepalives are enabled to keep the dynamic NAT mapping alive during a connection between two peers. NAT keepalives are UDP packets with an unencrypted payload of 1 byte. Although the current dead peer detection (DPD) implementation is similar to NAT keepalives, there is a slight difference: DPD is used to detect peer status, while NAT keepalives are sent if the IPsec entity did not send or receive a packet for a specified period of time; the valid range is between 5 and 3600 seconds."
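To make the answer above concrete, here is an added example (my own illustration, not code from the original post or from any vendor). It builds the three kinds of UDP/4500 payload a NAT-T peer has to tell apart (a 1-byte 0xFF NAT keepalive, IKE behind the 4-byte zero non-ESP marker, and ESP-in-UDP, all per RFC 3948), and then simulates a toy NAT whose UDP mapping is dropped after 60 seconds of idleness, the SRX figure quoted in the answer. Running it shows that without keepalives the second ESP packet after a 90 second gap gets a new public port (the translation the far peer expects is gone), while keepalives every 20 seconds keep the same mapping. The NAT model, the addresses and the port numbers are constructed assumptions for the demonstration.

```python
"""Added example: why NAT-T keepalives are needed (not from the original post).

Packet formats follow RFC 3948 (UDP encapsulation of ESP); the NAT is a
deliberately simplified model with a 60 s UDP idle timeout, as quoted for SRX.
"""
import struct

NAT_T_PORT = 4500
NAT_KEEPALIVE = b"\xff"                 # RFC 3948 s2.3: a single 0xFF byte
NON_ESP_MARKER = b"\x00\x00\x00\x00"    # RFC 3948 s2.2: IKE on UDP/4500


def build_nat_keepalive() -> bytes:
    """UDP/4500 payload of a NAT-T keepalive: exactly one byte, 0xFF."""
    return NAT_KEEPALIVE


def build_esp_in_udp(spi: int, seq: int, encrypted_body: bytes) -> bytes:
    """ESP-in-UDP payload: ESP header (SPI, sequence number) then ciphertext.
    SPI 0 is reserved so it cannot be confused with the non-ESP marker."""
    if spi == 0:
        raise ValueError("SPI 0 would collide with the non-ESP marker")
    return struct.pack("!II", spi, seq) + encrypted_body


def classify_udp4500_payload(payload: bytes) -> str:
    """Demultiplex a UDP/4500 payload the way an IPsec peer does (RFC 3948 s2)."""
    if payload == NAT_KEEPALIVE:
        return "nat-keepalive"
    if len(payload) >= 4 and payload[:4] == NON_ESP_MARKER:
        return "ike"
    if len(payload) >= 8:               # at least an ESP header is present
        return "esp"
    return "invalid"


class SimpleNat:
    """Toy port-overloading NAT (constructed model): one public port per
    (inner_ip, inner_port); the entry is dropped after idle_timeout seconds."""

    def __init__(self, public_ip="203.0.113.1", idle_timeout=60, first_port=40000):
        self.public_ip = public_ip
        self.idle_timeout = idle_timeout
        self.next_port = first_port
        self.table = {}   # (inner_ip, inner_port) -> [public_port, last_seen]

    def _expire(self, now):
        stale = [k for k, (_, seen) in self.table.items() if now - seen > self.idle_timeout]
        for k in stale:
            del self.table[k]

    def translate(self, inner_ip, inner_port, now):
        """Return the (public_ip, public_port) used for this outbound packet,
        allocating a fresh port if the old mapping has timed out."""
        self._expire(now)
        entry = self.table.get((inner_ip, inner_port))
        if entry is None:
            entry = [self.next_port, now]
            self.next_port += 1
            self.table[(inner_ip, inner_port)] = entry
        entry[1] = now                  # any packet, keepalive or ESP, refreshes it
        return (self.public_ip, entry[0])


def simulate(keepalive_interval, idle_gap=90, timeout=60):
    """One ESP packet at t=0, optional keepalives every keepalive_interval s,
    then another ESP packet idle_gap s later. Returns (mapping_before, mapping_after)."""
    nat = SimpleNat(idle_timeout=timeout)
    peer = ("10.0.0.5", NAT_T_PORT)      # inner host behind the NAT (assumed)
    before = nat.translate(*peer, now=0)
    t = 0
    if keepalive_interval:
        while t + keepalive_interval < idle_gap:
            t += keepalive_interval
            nat.translate(*peer, now=t)  # keepalive traffic refreshes the entry
    after = nat.translate(*peer, now=idle_gap)
    return before, after


if __name__ == "__main__":
    print("keepalive payload:", build_nat_keepalive().hex())
    print("no keepalive :", simulate(keepalive_interval=0))
    print("keepalive 20s:", simulate(keepalive_interval=20))
```

The point to take from the simulation is that the far peer keeps sending to the public IP/port it learned during IKE; once the NAT hands out a different port, those packets no longer match any mapping and are dropped until the tunnel is renegotiated. A keepalive interval comfortably shorter than the NAT's UDP idle timeout (20 s against 60 s here) is what prevents that.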