diff --git a/i2p2www/spec/proposals/159-ssu2.rst b/i2p2www/spec/proposals/159-ssu2.rst
index 5cdf8d6158a5a27c86042d6d8917183ca3f6bd1c..fad78b8957df06a446f2d650c01389bab81f698a 100644
--- a/i2p2www/spec/proposals/159-ssu2.rst
+++ b/i2p2www/spec/proposals/159-ssu2.rst
@@ -5,7 +5,7 @@ SSU2
     :author: eyedeekay, orignal, zlatinb, zzz
     :created: 2021-09-12
     :thread: http://zzz.i2p/topics/2612
-    :lastupdated: 2022-10-12
+    :lastupdated: 2022-10-16
     :status: Open
     :target: 0.9.56
 
@@ -7845,6 +7845,11 @@ there are several options to validate the signature:
   to that in the Relay Response, if already received
 - Don't validate the signature at all
 
+If Charlie is behind a symmetric NAT, his reported port in the Relay Response and Hole Punch
+may not be accurate. Therefore, Alice should check the UDP source port of the Hole Punch
+message, and use that if it is different than the reported port.
+
+
 
 Tag Requests by Bob
 ------------------------
diff --git a/i2p2www/spec/ssu2.rst b/i2p2www/spec/ssu2.rst
index f6d94d125cc03c97d19d5594bbe363b1b6edaf72..e3329d020be1f2255a558566e7b303fe417f0f2c 100644
--- a/i2p2www/spec/ssu2.rst
+++ b/i2p2www/spec/ssu2.rst
@@ -5455,6 +5455,10 @@ there are several options to validate the signature:
   to that in the Relay Response, if already received
 - Don't validate the signature at all
 
+If Charlie is behind a symmetric NAT, his reported port in the Relay Response and Hole Punch
+may not be accurate. Therefore, Alice should check the UDP source port of the Hole Punch
+message, and use that if it is different than the reported port.
+
 
 Tag Requests by Bob
 ------------------------