[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IPSEC and NAT

To: rgm3@chrysler.com
Subject: Re: IPSEC and NAT
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
Date: Wed, 27 Aug 1997 13:42:28 -0400
Address: 1 Amherst St., Cambridge, MA 02139
Cc: ipsec@tis.com
In-Reply-To: Robert Moskowitz's message of Wed, 27 Aug 1997 06:37:25 -0400,<3.0.3.32.19970827063725.0331e780@pop3hub.is.chrysler.com>
Phone: (617) 253-8091
Sender: owner-ipsec@ex.tis.com

Granted, the issues are very complex, and I very much understand that at
the time, NAT's may have seemed to be a cheaper alternative than
fighting the address space battles.  And I recognize that NAT's did not
arise out of a vacuum, either.  

I will observe, though, that while NAT's may have appeared to be the
cheaper solution initially, the total bill for the NAT "solution" has
yet to be totalled up.  

Interactions with IPSEC is just one such example of an additional cost
of NAT's.  (And let us be clear that it is a cost imposed by NAT's, not
by IPSEC, as it is the NAT boxes which broke a fundamental property of
the Internet architecture.)

						- Ted

Follow-Ups:

Re: IPSEC and NAT

From: Robert Moskowitz <rgm3@chrysler.com>

References:

Re: IPSEC and NAT

From: Robert Moskowitz <rgm3@chrysler.com>

Prev by Date: Re: manual keying and IPSEC conformance
Next by Date: Re: order/nesting of IPsec headers (transport mode)
Prev by thread: Re: IPSEC and NAT
Next by thread: Re: IPSEC and NAT
Index(es):
- Main
- Thread