Why does PAT fail with ESP packets?
A.
because ESP is a portless protocol riding directly over IP, ESP prevents the PAT from creating IP address and port mappings
B.
because using tunnel mode, ESP includes the outer IP header in computing the ICV, thus if PAT modifies the outer IP header, the ICV will fail
C.
because ESP does not support tunnel mode
D.
because the ESP header is encrypted
E.
because ESP uses dynamic port number