Use of NATs/ALGs (cont.)
Not a perfect solution:
- doesn’t allow end-2-end IPSec, but
- IPSec could still be used between NATs
- use SSL
- requires ALGs to support for applications that carry IP addresses in the application data stream, or
- fix broken applications instead
Decision to use of NATs/ALGs should be based on cost/benefit analysis