The commonly quoted packet flow diagram at  does not show where NAT-T is
IPsec MOBIKE. Questions are:
1. Where in the diagram is NAT-T de-capsulation performed?
2. Where in the diagram is NAT-T encapsulation performed?
3. Does the NAT-T UDP header have to be removed so the iptables IPsec policy
module can operate?
4. Traffic from the topmost "local process" block flows to a "routing
decision" block. Is this to prevent
a local IPsec connection (to loopback address, possibly ) from being
Users mailing list