
Re: Interactions between IPSEC and NAT




Cheng_Chen@3com.com writes:
> We all lock our house every morning when we go to work, although we know
> that any average thief will be able to break it.  So many of us pay $3000
> to install the home security system, although we know that any average
> thief will cut your power line to disable the security system before they
> enter the house.  NAT is valuable to many people.  As a NAT user, a less
> than perfect security is better than NO security at all.  Don't you lock
> your front door every morning?

Imagine that you have the choice between a $10 lock that works
perfectly and is highly secure, or a $1000 lock that requires that a
thief sneeze at it for it to open itself. Which would you choose?

IPsec is a simple yet very secure protocol.  You are proposing making
it complicated and costly in an effort to remove all the protection it
would provide. I am not sure that there is a point to that.

An IPsec with the ability to modify the packets in flight is like a
contraceptive that lets you get pregnant. "All the disadvantages of
condoms, with all the disadvantages of pregnancy and AIDS
combined!" Why would anyone want such a thing?

Perry

