When an outgoing UDP request is sent from IPA:port1 to IPB:port2 through a firewall, the firewall then allows inbound responses from IPB:port2 to IPA:port1, even if the initial request was unsuccessful.
UDP hole punching exploits this behavior to enable two machines behind NATs or firewalls to establish a direct connection. By first sending packets to a central server, they obtain their respective public addresses and ports; they then use this information to communicate directly, so a peer-to-peer session can be established without a proxy or VPN.
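The flow-table behavior described above can be traced with a small model. This is an added example, not code from the original page: it sends no real traffic, and the StatefulFirewall class, the 30-second idle timeout and the addresses (documentation ranges) are assumptions chosen for illustration. It models filtering only, with no address translation, and starts at the point where both peers already know each other's public address and port.

```python
# Added example: toy model of stateful UDP filtering (no real network traffic).
from dataclasses import dataclass, field

UDP_TIMEOUT = 30  # assumed idle timeout in seconds; real devices vary


@dataclass
class StatefulFirewall:
    """Default-deny inbound filter that tracks outbound UDP flows."""
    state: dict = field(default_factory=dict)  # (local, remote) -> expiry time

    def outbound(self, local, remote, now):
        # Any outbound datagram creates or refreshes a flow entry,
        # whether or not it is ever delivered to the remote side.
        self.state[(local, remote)] = now + UDP_TIMEOUT

    def inbound(self, remote, local, now):
        # Inbound is accepted only if it mirrors a live outbound flow.
        expiry = self.state.get((local, remote))
        if expiry is None or now > expiry:
            self.state.pop((local, remote), None)
            return False
        self.state[(local, remote)] = now + UDP_TIMEOUT
        return True


def send(src_fw, dst_fw, src, dst, now):
    """Pass one datagram out through src_fw and in through dst_fw."""
    src_fw.outbound(src, dst, now)
    return dst_fw.inbound(src, dst, now)


def simulate():
    a = ("198.51.100.10", 40000)  # IPA:port1 (constructed)
    b = ("203.0.113.20", 50000)   # IPB:port2 (constructed)
    other = ("203.0.113.20", 50001)  # same host as b, different port
    fw_a, fw_b = StatefulFirewall(), StatefulFirewall()
    return [
        send(fw_a, fw_b, a, b, now=0),      # dropped at B, but A now has an entry
        send(fw_b, fw_a, b, a, now=1),      # accepted: mirrors A's entry
        send(fw_a, fw_b, a, b, now=2),      # accepted: B has an entry as well
        send(fw_b, fw_a, other, a, now=3),  # dropped: no flow for this port
        send(fw_b, fw_a, b, a, now=100),    # dropped: A's entry idled out
    ]


if __name__ == "__main__":
    print(simulate())
```

The last two cases are the ones that matter when reviewing firewall policy: the opening is limited to the exact address and port pair, and it closes once the flow has been idle longer than the timeout.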