Abstract. The IETF's Next Steps in Signaling (NSIS) framework provides an up-to-date signaling protocol suite that can be used to dynamically install, maintain, and manipulate state in network nodes. In its two-layered architecture, the General Internet Signaling Transport (GIST) protocol is responsible for the transport and routing of signaling messages. The strong presence of Network Address Translation (NAT) gateways in today's Internet infrastructure causes some major challenges to network signaling protocols like NSIS. The address translation mechanisms performed by common NAT gateways are primarily concerned with address information contained in the IP and transport layer headers. Signaling sessions between two signaling peers do, however, rely on address information contained in GIST data units. If a non GIST-aware NAT gateway merely adapts addresses in the IP and transport headers only, inconsistent state will finally be installed at the signaling nodes. In this paper we present the design, implementation, and evaluation of an application level gateway for the GIST protocol, that translates GIST messages in a way that allows to establish signaling sessions between any two GIST nodes across a NAT gateway.Key words: distributed systems, Internet, middleware, performance evaluation 1. Introduction. Network layer resource signaling protocols provide a useful set of tools to dynamically install, maintain, and manipulate state in network nodes. As a prominent example, the ReSource ReserVation Protocol (RSVP) was once designed to establish state in network routers for Quality-of-Service reservations on demand. In response to some limitations of RSVP, the Next Steps in Signaling (NSIS) working group of the Internet Engineering Task Force (IETF) designed an up-to-date signaling framework that is not limited to a particular signaling application only [1]. The NSIS framework follows a two-layered architecture where the lower layer, called General Internet Signalling Transport (GIST) [2] protocol, is solely responsible for the routing and transport of signaling messages, whereas the upper layer, called NSIS Signaling Layer Protocol, implements the actual signaling application's logic, e.g., for Quality-of-Service resource reservations [3].Network Address Translation (NAT) [4] was once introduced to map non-publicly usable ("private") addresses to public IP addresses. NATs mostly deal not only with the translation of IP addresses of different address realms, but also with the mapping of TCP or UDP transport protocol ports within a session (so called Network Address and Port Translation -NAPT, in the following we also use the term NAT for NAPT). Due to this additional port multiplexing, one public IP address can serve many private IP addresses and thus mitigate the potential shortage of IPv4 addresses. But the price is lost end-to-end transparency [8] complicating the design and life of transport or application protocols. Main problems are the missing address binding information for communication initiated from the pu...