You're completely correct. NATs can only handle this by heuristics;
they can't handle the situation where more than one host behind it is
communication via IPsec with the same destination.
--Steve Bellovin, http://www.research.att.com/~smb
You're completely correct. NATs can only handle this by heuristics;
they can't handle the situation where more than one host behind it is
communication via IPsec with the same destination.
--Steve Bellovin, http://www.research.att.com/~smb