[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSEC and NAT
Yan-Fa LI writes:
> Why not push the problem out to the individual hosts ? Have the hosts
> have virtual network interfaces that appear to be on the
> Internal/Virtual network, just like PPP. This avoids many of the
> inherent problems of NAT. I remember that Bellovin and Cheswick wrote a
> paper on just this idea some years ago.
Because NAT-in-a-box requires one currently available box, while doing
the virtual network interface on every desktop requires currently
unavailable software on every desktop.
--
Karl Fox, servant of God, employee of Ascend Communications
655 Metro Place South, Suite 370, Dublin, Ohio 43017 +1 614 760 4041
Follow-Ups:
References: