RFC 3715 (rfc3715) - Page 1 of 18

IPsec-Network Address Translation (NAT) Compatibility Requirements

Network Working Group                                           B. Aboba
Request for Comments: 3715                                      W. Dixon
Category: Informational                                        Microsoft
                                                              March 2004


   IPsec-Network Address Translation (NAT) Compatibility Requirements

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).  All Rights Reserved.

Abstract

   This document describes known incompatibilities between Network
   Address Translation (NAT) and IPsec, and describes the requirements
   for addressing them.  Perhaps the most common use of IPsec is in
   providing virtual private networking capabilities.  One very popular
   use of Virtual Private Networks (VPNs) is to provide telecommuter
   access to the corporate Intranet.  Today, NATs are widely deployed in
   home gateways, as well as in other locations likely to be used by
   telecommuters, such as hotels.  The result is that IPsec-NAT
   incompatibilities have become a major barrier in the deployment of
   IPsec in one of its principal uses.





















Aboba & Dixon                Informational