[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC and NAT



Yan-Fa LI writes:
> Why not push the problem out to the individual hosts ?  Have the hosts
> have virtual network interfaces that appear to be on the
> Internal/Virtual network, just like PPP.  This avoids many of the
> inherent problems of NAT.  I remember that Bellovin and Cheswick wrote a
> paper on just this idea some years ago.

Because NAT-in-a-box requires one currently available box, while doing
the virtual network interface on every desktop requires currently
unavailable software on every desktop.
-- 
Karl Fox, servant of God, employee of Ascend Communications
655 Metro Place South, Suite 370, Dublin, Ohio  43017   +1 614 760 4041



Follow-Ups: References: