Le 12/11/2016 à 23:32, Joe a écrit :
The SNAT should not be an issue, it can handle all protocols transparently
No it cannot. NAT is not possible with some IP protocols. Plain IPSec (without NAT-T encapsulation) is the first one that comes in mind.
Also many complex protocols such as FTP or SIP (nothing exotic here) require special support and this is not transparent as it requires messing with the payload, not only with the packet headers. Use of encryption with these protocoles may come in the way and defeat NAT handling.
