Essential Check Point™ FireWall-1® NG: An Installation, Configuration, and Troubleshooting Guide by Dameon D. Welch-Abernathy

Limitations of NAT

NAT does not work in all cases. The following subsections document some of the instances where NAT will not work as expected.

NAT Is Incompatible with Some Protocols

The main components that NAT changes are the IP addresses in the TCP/IP headers and possibly the TCP or UDP ports. This works for some applications, but many applications embed IP addresses in the data portion of the packet (e.g., Microsoft Networking[5]) or expect packets to come from a particular source port (e.g., IKE negotiations for IPSec). In these cases, NAT has to act somewhat like an application proxy in that it must understand the underlying protocol and make intelligent changes to the packets so that the protocol will work despite undergoing NAT.

[5] ...
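The failure mode described above, as an added example that is not from the book: it contrasts header-only translation with protocol-aware translation of a payload that embeds the sender's address. FTP's active-mode `PORT` command is an assumed stand-in for the protocols the text names, and all addresses, ports and function names are constructed for illustration.

```python
import re
from dataclasses import dataclass, replace

# FTP active-mode command (RFC 959): PORT h1,h2,h3,h4,p1,p2
PORT_RE = re.compile(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n")

@dataclass(frozen=True)
class Packet:
    src_ip: str      # IP header field
    src_port: int    # TCP header field
    payload: bytes   # application data, opaque to plain NAT

def embedded_endpoint(payload):
    """Return the (ip, port) advertised inside a PORT command, or None."""
    m = PORT_RE.search(payload)
    if m is None:
        return None
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def header_only_nat(pkt, public_ip, public_port):
    """Plain NAT: rewrite the header fields, leave the payload untouched."""
    return replace(pkt, src_ip=public_ip, src_port=public_port)

def protocol_aware_nat(pkt, public_ip, public_port, data_port):
    """Also rewrite the embedded endpoint; data_port is the translated data port."""
    out = header_only_nat(pkt, public_ip, public_port)
    if embedded_endpoint(pkt.payload) is None:
        return out
    cmd = b"PORT %s,%d,%d\r\n" % (
        public_ip.replace(".", ",").encode(), data_port >> 8, data_port & 0xFF)
    return replace(out, payload=PORT_RE.sub(lambda _m: cmd, pkt.payload, count=1))

def header_payload_mismatch(pkt):
    """True when the payload advertises an address the header no longer carries."""
    ep = embedded_endpoint(pkt.payload)
    return ep is not None and ep[0] != pkt.src_ip

# Constructed sample: internal client 10.1.1.5 advertises data port 5001.
SAMPLE = Packet("10.1.1.5", 1025, b"PORT 10,1,1,5,19,137\r\n")

if __name__ == "__main__":
    naive = header_only_nat(SAMPLE, "203.0.113.10", 30001)
    aware = protocol_aware_nat(SAMPLE, "203.0.113.10", 30001, 40001)
    for name, p in (("header-only", naive), ("protocol-aware", aware)):
        print(name, p.src_ip, embedded_endpoint(p.payload), header_payload_mismatch(p))
```

Because the rewritten command differs in length from the original, a real implementation must also adjust TCP sequence numbers and checksums, which this sketch omits.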