2. Disadvantages of NAT
Any rewriting of packet headers has the potential to cause problems. With NAT, problems are most likely to occur with protocols in which the IP address is embedded within the packets, or with those that need a remote host to initiate a connection to the host behind the NAT. Many such protocols may have legitimate uses, particularly within the university environment.
Some application-level gateways can introduce their own problems, through bugs, security issues and the difficulty of debugging problems where they are involved. Indeed, some application gateways have achieved considerable notoriety for the problems they caused.
As with stateful firewalls, issues with TCP timeouts can arise with many protocols. Idle TCP connections may be kept open through the use of keep-alives, but if the interval between sending keep-alives is longer than the lifetime of a connection in the state table of a firewall or NAT device, idle connections are liable to be broken. This may be annoying for some applications, for instance logins to remote systems, especially if users need to log into several simultaneously. Keeping state table entries for too long risks the table filling, but the keep-alive interval can often be adjusted in applications to reduce the risk of unwanted disconnects.
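The keep-alive adjustment described above, as an added example that is not part of the original text: it checks whether a keep-alive timer fits inside a device's state lifetime and sets per-socket timers accordingly. The 300-second state lifetime used in the test, the 50% margin and the helper names are assumptions for illustration; 7200 seconds is the Linux default keep-alive idle time.

```python
import socket

LINUX_DEFAULT_KEEPIDLE_S = 7200  # Linux default for net.ipv4.tcp_keepalive_time


def survives_idle(keepalive_idle_s, state_lifetime_s):
    """True if the first keep-alive is sent before the state table entry expires."""
    return keepalive_idle_s < state_lifetime_s


def keepalive_plan(state_lifetime_s, margin=0.5, interval_s=15, probes=4):
    """Choose keep-alive timers that fit inside a firewall/NAT idle-state lifetime.

    margin is the assumed fraction of the lifetime to wait before the first
    probe, leaving slack for clock skew and a lost probe.
    """
    if state_lifetime_s < 2:
        raise ValueError("state lifetime too short to schedule a keep-alive")
    idle = max(1, int(state_lifetime_s * margin))
    # Retries after an unanswered probe should not be spaced wider than the idle time.
    interval = max(1, min(interval_s, idle))
    return {"idle": idle, "interval": interval, "probes": probes}


def apply_keepalive(sock, plan):
    """Enable keep-alives on one socket and set its timers where the OS exposes them."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    options = (("TCP_KEEPIDLE", "idle"),
               ("TCP_KEEPINTVL", "interval"),
               ("TCP_KEEPCNT", "probes"))
    for name, key in options:
        opt = getattr(socket, name, None)  # not every platform defines all three
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, plan[key])
    return sock


if __name__ == "__main__":
    lifetime = 300  # constructed example value for the device's idle timeout
    print("default timer survives:", survives_idle(LINUX_DEFAULT_KEEPIDLE_S, lifetime))
    plan = keepalive_plan(lifetime)
    print("adjusted plan:", plan, "survives:", survives_idle(plan["idle"], lifetime))
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        apply_keepalive(s, plan)
```

Setting the timers per socket leaves the system-wide defaults untouched, so only the long-lived sessions that cross the NAT generate the extra traffic.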