can ibgp be used behind nat?

bgp work on tcp so you can peer with others if they are directley connected . If they are not then you need some way of learning the route to that destination before you can peer with the remote end. there are few well written bgp guides on cisco.com have a look at them.

There is no hard and fast rule what protocol is the best and what you should use in your network . If ospf can get what you need then that if bgp get you your results then use that. Make sure you understand how each protocol works and how your network can benifit from them after all you are the one going to be woken up at night if it goes down.

Not really clear what you are asking for... but if you need routing through an IPsec tunnel or through a firewall doing NAT, your choices are pretty much limited to either a GRE tunnel or BGP. My preference is BGP, but a GRE tunnel can be easier. Either way, if you're routes are going through a NAT translation, it's a bit tricky to get the forwarding tables to be correct (the next hop advertised by the routing protocol does not get translated by NAT, so you have to force it to be correct. This is trivial with BGP, or can be done indirectly using a static route.

Depending upon your environment, you may also need to worry about how much you can trust the routes advertised on the other side of the firewall. See the white paper on my web site on supporting redundant firewalls for a paranoid example. You may also get some hints from the redundant VPN white paper, also there.

Good luck and have fun!

Thanks for the help i was starting to think it could not be done. In this link

talks about using bgp to redistribute eigrp. That could be a good option. But setting bgp alone could do the job too. Thanks.