Simon Lockhart wrote:
> Anything that relies on knowing which host it is talking to by looking at the source address of packets breaks.

Indeed. Novell networking for example - or MS Exchange New Mail notification. Of course, you shouldn't be doing either on the internet, but a common "small branch office" solution involves ADSL, NAT and a single VPN client....

> Plenty of UDP based apps work over NAT.

Depends a lot on the NAT - if the UDP app isn't port-specific, then often a "smart" NAT can create a virtual map for it (and IPSec NAT traversal often relies on a single internal initiator creating such a map on the NAT device, and the destination not minding too much). If the "outside" sender expects the recipient to be on a fixed port though, often the best you can hope for is that *one* internal host can receive data.
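
Added example, not part of the original post: a toy port-translating NAT table in Python showing the two cases discussed above (a dynamic map created by an internal initiator versus a sender that expects a fixed port). The class, its mapping policy and all addresses are constructed for illustration; real NAT devices differ in how they key their maps.

```python
class Nat:
    """Toy UDP NAPT; the mapping policy here is an assumption, not any vendor's."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}     # (internal endpoint, remote endpoint) -> public port
        self.back = {}    # (public port, remote endpoint) -> internal endpoint
        self.static = {}  # public port -> internal endpoint (fixed forward)

    def outbound(self, src, dst):
        """Internal src sends to dst; return the endpoint the remote side sees."""
        if (src, dst) not in self.out:
            port, self.next_port = self.next_port, self.next_port + 1
            self.out[(src, dst)] = port
            self.back[(port, dst)] = src  # the "virtual map" for replies
        return (self.public_ip, self.out[(src, dst)])

    def inbound(self, remote, public_port):
        """Datagram from remote to the public port; None means dropped."""
        hit = self.back.get((public_port, remote))
        return hit if hit else self.static.get(public_port)

    def forward(self, public_port, internal):
        """Fixed-port forward: one public port can reach one internal host only."""
        if self.static.get(public_port, internal) != internal:
            raise ValueError("port %d already forwarded" % public_port)
        self.static[public_port] = internal


def demo():
    nat = Nat("203.0.113.1")                      # constructed addresses
    server = ("198.51.100.7", 5000)
    a, b = ("192.168.1.10", 3333), ("192.168.1.11", 3333)
    seen_a, seen_b = nat.outbound(a, server), nat.outbound(b, server)
    same_source_ip = seen_a[0] == seen_b[0]       # hosts indistinguishable by address
    reply_to_b = nat.inbound(server, seen_b[1])   # reply follows the dynamic map
    unsolicited = nat.inbound(server, 2000)       # fixed-port sender, no map yet
    nat.forward(2000, ("192.168.1.10", 2000))
    forwarded = nat.inbound(server, 2000)         # now reaches exactly one host
    try:
        nat.forward(2000, ("192.168.1.11", 2000))
        second_host_ok = True
    except ValueError:
        second_host_ok = False
    return same_source_ip, reply_to_b, unsolicited, forwarded, second_host_ok


if __name__ == "__main__":
    print(demo())
```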