Bad NAT

• Network Address Translation presents many difficult challenges.

  • IPsec has inherent issues with NAT and vice versa, “many-to-one” NAT is particularly problematic.

• Knowing how any single NAT implementation will effect IPsec is impossible...Assume the worst!

  • Some NAT implementations completely kill IPsec.
  • Others will allow a single tunnel to be created which will be killed by subsequent attempts to create additional tunnels

Previous slide

Next slide

Back to first slide

View graphic version