
Re: NAT and IPSEC INCOMPATIBLE???



Agreed, but my comment was directed to the use of NAT in hotels. It was not
intended to be IPSec specific. I had *assumed* that they were doing port
translation (to conserve addresses).


PatC
> 
> Pat,
> 
> The accessibility provided by NAPT (Network Address Port Translator)
> is not any less than the accessibility provided by a host with a 
> single address. 
> 
> Further, Bidirectional-NAT does not preclude inbound connections.
> It simply does address multiplexing - optimal use of limited
> addresses available.
> 
> I suggest you take a look at <draft-ietf-nat-terminology-03.txt>
> prior to spreading misinformation. 
> 
> cheers,
> suresh
> 
> > 
> > And just to make matters worse, I could not have anyone connect directly to me
> > thanks to NAT (i.e. ftp, SIP, etc).
> > 
> > PatC
> > 
> > > > > By the way, there are certain markets where NAT is a requirement (such as
> > > > > running IP to the guest rooms in hotels)
> > > 
> > > Until the hotels get more customers like Pat, who say that...
> > > 
> > > > hmm... so I HAVE to trust my hotel? What kind of customers are they looking
> > > > for? If they are looking for the commuter, then NAT is a bad thing since I
> > > > will want to encrypt my data back to my corporate network.
> > > 
> > > And by then they'll be looking for another alternative.
> > > 
> > > > > and IPSec is also extremely high profile.   It would help everyone out if
> > > > > there was a built-in method to scale arbitrarily
> > > > > large for address translated IPSec connections - just with ESP, I don't
> > > > > think that AH is as important to these users.
> > > 
> > > And that alternative is IPv6.  ESP works just fine over that.
> > > 
> > > Dan
> > 
> > 
> > 
> 



