An Illustrated Guide to IPsec - Unixwiz.net
http://unixwiz.net/techtips/iguide-ipsec.html
WEBAug 24, 2005 · When using TCP or UDP, this is commonly done with port numbers (whether rewritten on the fly or not), but IPsec provides no hook to allow this. At first one might suspect the SPI, which appears to be a useful identifier, but because the SPI is different in both directions, the NAT device has no way to associate the returning packet …
DA: 56 PA: 24 MOZ Rank: 70