[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: NAT Traversal
"Chinna N.R. Pellacuru" <pcn@cisco.com> writes:
> In what "other" cases are you saying we need to do IPsec transport mode
> through NAT? Someone gets a private address, and does plain IPsec
> transport mode through NAT! to whom? and why?
Here's an example: A person at a conference who's laptop is setup to
perform RSA-based transport-mode opportunistic encryption, but where
the conference is sitting on a NAT? I've been to conferences where
they conference LAN is sitting behind a NAT, but I would still like to
be able to use my laptop and the services it has the same way I would
if I were NOT sitting behind a NAT. To my laptop, it shouldn't
matter.
Keep in mind that the user who wants to run IPsec and the manager who
runs the network with a NAT may NOT be the same person!
-derek
--
Derek Atkins
Computer and Internet Security Consultant
derek@ihtfp.com www.ihtfp.com