Both TCP & UDP checksum use pseudo header which include source and destination address.
In transport mode, there is only one IP header. If source or destination IP is changed by NAT, the TCP/UDP checksum in IPSec data needs to be updated, or the L4 integrity check will fail
Refer to NAT-Traversal
http://mkl-note.blogspot.tw/2011/12/nat-traversal.html
沒有留言:
張貼留言