2.6 Private IP Addresses and NAT
2.6.3 NAT implementation considerations
Because of the nature of address translation, some IP protocols will not function correctly if the servers of the respective protocols reside in the outside network:

BootP or DHCP

Any variant of BootP requires storing the IP address in the BootP data field. Because NAT will not touch this layer, the BootP server will not be able to assign correct IP addresses to its clients.
Lab Activity
In this lab, you will learn the usage of Network Address Translation through the use of overloading address translation.

DNS

Because DNS relies on a static mapping between an IP address and a host name, it will not recognize a translated IP address accurately and will report an unexpected host name unless static address translation is used.

SNMP

Similar to BootP, some SNMP MIBs require storing IP addresses in the SNMP data field and thus will not translate correctly. They should either be non-translated, or exist on both sides of a firewall (dual homed, or two different machines).

NAT also poses some network management considerations:

Security

NAT reduces the number of options for providing security. With NAT, nothing that carries an IP address or information derived from an IP address (such as the TCP-header checksum) can be encrypted. While most application-level encryption should be OK, this prevents encryption of the TCP header.
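The dependency described above can be reproduced directly. The following is an added example, not part of the original course text: it builds a TCP header, shows that its checksum stops verifying once only the source address is translated, and shows the header rewrite an overloading NAT must perform (which it could not do if the TCP header were encrypted). The addresses, ports and function names are constructed for illustration.

```python
import ipaddress
import struct

def ones_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071), before inversion."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, length: int) -> bytes:
    """The IP-derived fields the TCP checksum covers: src, dst, protocol 6, length."""
    return (ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
            + struct.pack("!BBH", 0, 6, length))

def tcp_checksum(src: str, dst: str, segment: bytes) -> int:
    """Checksum of a segment whose checksum field is currently zero."""
    return ~ones_sum(pseudo_header(src, dst, len(segment)) + segment) & 0xFFFF

def build_syn(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Constructed 20-byte TCP SYN header carrying a valid checksum."""
    hdr = struct.pack("!HHLLBBHHH", sport, dport, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    return hdr[:16] + struct.pack("!H", tcp_checksum(src, dst, hdr)) + hdr[18:]

def verifies(src: str, dst: str, segment: bytes) -> bool:
    """Receiver-side check: the sum including the checksum field must be 0xFFFF."""
    return ones_sum(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF

def nat_overload(segment: bytes, old_src: str, new_src: str, new_sport: int) -> bytes:
    """Rewrite source address and port, patching the checksum per RFC 1624 eqn. 3."""
    old = ipaddress.IPv4Address(old_src).packed + segment[0:2]
    new = ipaddress.IPv4Address(new_src).packed + struct.pack("!H", new_sport)
    old_csum = segment[16:18]
    # HC' = ~(~HC + ~m + m'): complementing bytes complements each 16-bit word.
    inverted = bytes(b ^ 0xFF for b in old_csum + old)
    new_csum = ~ones_sum(inverted + new) & 0xFFFF
    return new[4:6] + segment[2:16] + struct.pack("!H", new_csum) + segment[18:]

if __name__ == "__main__":
    inside, outside, server = "10.0.0.5", "198.51.100.1", "203.0.113.10"  # constructed
    seg = build_syn(inside, server, 40000, 80)
    print("as sent by inside host:      ", verifies(inside, server, seg))
    print("address rewritten, TCP kept: ", verifies(outside, server, seg))
    print("NAT also patched TCP header: ",
          verifies(outside, server, nat_overload(seg, inside, outside, 61001)))
```
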

Privacy

NAT itself can be seen as providing a kind of privacy mechanism. This comes from the fact that machines on the backbone cannot monitor which hosts are sending and receiving traffic (assuming of course that the application data is encrypted).

Debugging

The same characteristic that enhances privacy potentially makes debugging problems (including security violations) more difficult. If a host is abusing the Internet in some way (such as trying to attack another machine or sending large amounts of junk mail), it is more difficult to pinpoint the source of the trouble because the IP address of the host is hidden.