[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NAT Traversal

To: "Chinna N.R. Pellacuru" <pcn@cisco.com>
Subject: Re: NAT Traversal
From: Derek Atkins <derek@ihtfp.com>
Date: 26 Feb 2002 19:28:01 -0500
Cc: Markus Stenberg <mstenber@ssh.com>, <ipsec@lists.tislabs.com>
In-Reply-To: <Pine.GSO.4.33.0202261129380.24377-100000@irp-view5.cisco.com>
References: <Pine.GSO.4.33.0202261129380.24377-100000@irp-view5.cisco.com>
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7

"Chinna N.R. Pellacuru" <pcn@cisco.com> writes:

> In what "other" cases are you saying we need to do IPsec transport mode
> through NAT? Someone gets a private address, and does plain IPsec
> transport mode through NAT! to whom? and why?

Here's an example: A person at a conference who's laptop is setup to
perform RSA-based transport-mode opportunistic encryption, but where
the conference is sitting on a NAT?  I've been to conferences where
they conference LAN is sitting behind a NAT, but I would still like to
be able to use my laptop and the services it has the same way I would
if I were NOT sitting behind a NAT.  To my laptop, it shouldn't
matter.

Keep in mind that the user who wants to run IPsec and the manager who
runs the network with a NAT may NOT be the same person!

-derek

-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek@ihtfp.com             www.ihtfp.com

Follow-Ups:
- Re: NAT Traversal
  - From: "Chinna N.R. Pellacuru" <pcn@cisco.com>
- RE: NAT Traversal
  - From: "Jayant Shukla" <jshukla@trlokom.com>

References:
- Re: NAT Traversal
  - From: "Chinna N.R. Pellacuru" <pcn@cisco.com>

Prev by Date: Re: NAT Traversal
Next by Date: Re: NAT Traversal
Prev by thread: Re: NAT Traversal
Next by thread: Re: NAT Traversal
Index(es):
- Date
- Thread