However, i am not so clear about the tunnel mode.In tunnel mode, we have two IP headers and the NAT64 will only translate one of them (by default, if we don't do anything special with it). so, the problem, is that even if the outside IP header is translated with the NAT64 box, the inner header remains in the original IP version, so i am wondering if this doesn't present additionla difficulties. The option is to translate both headers,
=> But how can you translate the inner header if it's covered with ESP? You can't see the inner header at all.
Hesham
but this again will be different than the IPv4 NAT case, since the inner header in the IPv4 NAT case remains unchanged, while we would be changing it in this case. So i am finding that the tunnel mode wouldn't be so directly supported using the IPv4 NAT traversal techniques for IPSec.However, i am not an expert on this, so i may get this completelly wrong. any guidance on this would be appreciatedRegards, marcelo