--- a/net/netfilter/nf_nat_core.c
+++ b/net/netfilter/nf_nat_core.c
@@ -89,6 +89,9 @@ int nf_xfrm_me_harder(struct sk_buff *sk
 	struct dst_entry *dst;
 	int err;
 
+	if (!dev_net(skb->dev)->xfrm.policy_count[XFRM_POLICY_OUT])
+		return 0;
+
 	err = xfrm_decode_session(skb, &fl, family);
 	if (err < 0)
 		return err;