NAT-Hostile Protocols

Because of the way they operate, NAT gateways in the communication path can disrupt the inner workings of certain protocols. Good examples are H.323/SIP, FTP, end-to-end IPsec, and peer-to-peer applications. Unfortunately, these problems are often caused by inconsiderate application development and could easily have been avoided (RFC 3235, "Network Address Translator (NAT)-Friendly Application Design Guidelines"). In the case of H.323, this can be compensated for easily by the application level gateway (ALG) mappings of modern firewall engines (for example, Cisco PIX Firewall) or by the use of H.323 gatekeepers/proxies.

Keep in mind that stateful NAT and stateful inspection firewall issues are related and often intertwined. Applications that use random ports are a particular pain.
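To make the FTP case concrete, the following added example (not from the original text or from any firewall vendor) models what an ALG has to do for an active-mode FTP PORT command, which per RFC 959 carries the client's address and a randomly chosen data port inside the payload. The names FtpAlg, parse_port and build_port are hypothetical, and the addresses and the command line are constructed sample values.

```python
import re

# FTP active-mode PORT command (RFC 959): PORT h1,h2,h3,h4,p1,p2
PORT_RE = re.compile(rb"^PORT " + rb",".join([rb"(\d{1,3})"] * 6) + rb"\r\n$")


def parse_port(line):
    """Return (ip, port) carried in a PORT command, or None if it is not one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet: leave the line alone
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def build_port(ip, port):
    """Encode (ip, port) back into PORT wire format."""
    octets = ",".join(ip.split("."))
    return ("PORT %s,%d,%d\r\n" % (octets, port >> 8, port & 0xFF)).encode()


class FtpAlg:
    """Toy NAT with an FTP ALG: rewrites the payload address and records
    the mapping a stateful firewall would open as a dynamic pinhole."""

    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.mappings = {}  # public port -> (inside ip, inside port)

    def translate(self, payload):
        endpoint = parse_port(payload)
        if endpoint is None:
            return payload  # not a PORT command: pass through untouched
        pub_port = self.next_port
        self.next_port += 1
        self.mappings[pub_port] = endpoint
        return build_port(self.public_ip, pub_port)


# Constructed sample: inside client 192.168.1.10 announces data port 1234.
client_cmd = b"PORT 192,168,1,10,4,210\r\n"
alg = FtpAlg("203.0.113.5")
# A NAT that rewrites only IP/TCP headers forwards the private address as is,
# so the server's data connection has nowhere routable to go.
print("header-only NAT forwards:", client_cmd)
print("ALG forwards:            ", alg.translate(client_cmd))
print("dynamic pinhole table:   ", alg.mappings)
```

Because the rewritten command can differ in length from the original, a real ALG also has to adjust TCP sequence and acknowledgment numbers and checksums for the rest of the control connection, which this sketch leaves out.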