The security flawn with NAT traversal and IKE is described in: draft-dupont-transient-pseudonat-00.txt Francis.Dupont@enst-bretagne.fr PS: I don't know what to do for the future of this draft?