Going over IPsec NAT-T.
The topology is simple:
r1-------------r2-----------------r3
r2 does PAT for the ip address of r1.
I was trying to see the effect of disabling NAT traversal on either r1 or r3. As per the documentation, since ESP is stateless, NAT won't be done for it and r2 will drop the traffic. But to my utmost surprise, the packet went through.
This is the show ip nat trans on r2
R2(config)#do sh ip nat tr
Pro Inside global      Inside local        Outside local      Outside global
esp 10.0.23.2:0        10.0.12.1:0         10.0.23.3:0        10.0.23.3:D8774F8A
esp 10.0.23.2:0        10.0.12.1:97FDBBBC  10.0.23.3:0        10.0.23.3:0
Is this expected? Why is ESP being NATted? I thought this was the motivation for tunneling ESP over UDP across NAT.
Thanks.