Limitations of NAT (1):
Application Dependence
Any application that embeds an IP address or port number in its payload will break when it passes through a NAT
- FTP, H.323, SIP, RTSP, IKE, DNS, others
This can be overcome in two ways:
- For legacy protocols, the NAT must be designed to look into packets from certain protocols and translate embedded IP addresses and port numbers
  - The NAT then needs to recalculate the checksum and may even have to change the TCP sequence number
- For the last few years, most protocols have been designed to be “NAT-friendly”
However, packets with transport-layer or application-layer encryption or authentication still break when they cross a NAT
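
The legacy-protocol rewrite described above, sketched for FTP's PORT command as an added example (not part of the original slides): the embedded address is translated, the payload length changes, so later sequence numbers and ACKs must be shifted and the TCP checksum recomputed. The names FtpAlgFlow and rewrite_port and all addresses are hypothetical, and the PORT command is assumed to arrive whole in one segment.

```python
import re
import socket
import struct

# Added illustration; FtpAlgFlow, rewrite_port and all addresses are hypothetical.
# FTP active-mode command: PORT h1,h2,h3,h4,p1,p2 (address and port as decimal bytes)
PORT_RE = re.compile(rb"PORT \d+,\d+,\d+,\d+,\d+,\d+\r\n")

def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """TCP checksum: pseudo-header (addresses, protocol 6, length) plus the segment."""
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
    pseudo += struct.pack("!BBH", 0, 6, len(segment))
    return internet_checksum(pseudo + segment)

def rewrite_port(payload: bytes, public_ip: str, public_port: int):
    """Swap the embedded private endpoint for the NAT mapping; return (payload, length delta)."""
    if not PORT_RE.fullmatch(payload):
        return payload, 0
    fields = public_ip.split(".") + [str(public_port >> 8), str(public_port & 0xFF)]
    new = b"PORT " + ",".join(fields).encode() + b"\r\n"
    return new, len(new) - len(payload)

class FtpAlgFlow:
    """Client-to-server state for one control connection.
    Simplified: assumes in-order segments and no retransmissions."""
    def __init__(self, public_ip: str, public_port: int):
        self.public_ip, self.public_port = public_ip, public_port
        self.seq_offset = 0  # net bytes added (+) or removed (-) so far

    def outbound(self, seq: int, payload: bytes):
        """Translate one client segment; return (new_seq, new_payload)."""
        new_seq = (seq + self.seq_offset) & 0xFFFFFFFF
        new_payload, delta = rewrite_port(payload, self.public_ip, self.public_port)
        self.seq_offset += delta
        return new_seq, new_payload

    def inbound_ack(self, ack: int) -> int:
        """Map a server ACK back into the client's sequence space."""
        return (ack - self.seq_offset) & 0xFFFFFFFF
```

With the constructed command `PORT 192,168,1,10,195,80` and a mapping to 203.0.113.5:61001, the rewritten command is one byte shorter, so every later client sequence number is shifted by -1 and every server ACK by +1.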