Network Address Translation issues with IPsec

Document Type Expired Internet-Draft (individual)
Author Robert Moskowitz 
Last updated 1997-09-02
Stream (None)
Intended RFC status (None)
Expired & archived
plain text pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document looks at a number of issues surrounding the need for network address translation (NAT) when IPsec is used to create virtual private networks (NAT). This document only looks at simple VPNs. That is VPNs consisting of a single IPsec tunnel as compared to VPNs consisting of chained and/or nested IPsec tunnels and/or transports.


Robert Moskowitz (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)