Which two statements about IPsec in a NAT-enabled environment are true? (Choose two)
A. The hashes of each peer’s IP address and port number are compared to determine whether NATT is required
B. NAT-T is not supported when IPsec Phase 1 is set to Aggressive Mode
C. The first two messages of IPsec Phase 2 are used to determine whether the remote host supports NAT-T
D. NAT-T is not supported when IPsec Phase 1 is set to Main Mode
E. IPsec packets are encapsulated in UDP 500 or UDP 10000 packets
F. To prevent translations from expiring, NAT keepalive messages that include a payload are sent between the peers
