[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Towards closure on NAT traversal.





> -----Original Message-----
> From: Melinda Shore [mailto:mshore@cisco.com]
> 
> If you're arguing that NAT traversal problems need to be solved, well
> sure,

I think now we all agree that NAT traversal problem need to be solved.
However, at the San Diego meeting a gentleman from your company chimed,
"We will just wait for IPv6." I presume that is not your company policy
(anymore). 

> I agree - I chair midcom and am working on additional approaches to
the
> problem.  If you're arguing that the IPSec working group should figure
out
> how to get non-PASV FTP across NATs, that's just silly.
> 
> Melinda

In the end, somebody has to provide the full solution and that is all
customers care about. If it is all done at one place it is far more
attractive than a split solution. 

A split solution requires too many changes everywhere. People "might"
digest changes to IKE, IPsec, and NATs. However, if you start proposing
changes to applications as well, you will be in trouble as that would
inconvenience your customers a bit too much. 

That is why we are advocating a single solution and want to leave the
applications untouched. The fact that our solution does not require
changes to IKE or NATs, makes it more attractive.  

Also, figuring out how to get non-PASV FTP across NATs is not silly, but
it is important. That is how mirror ftp sites get updated. Because we
solve this problem, it has made several of our clients very happy. 

BTW, PORT mode usage accounts for over 77% of the users on Microsoft
site. 

Site statistics from Microsoft site (9:17 am 4 March 2002)
  PASV : 249596
  PORT : 845979

Regards,
Jayant
www.trlokom.com