At 01:53 PM 8/9/2001, RJ Atkinson wrote:
>At 14:20 09/08/01, Matt Holdrege wrote:
> >Wrong! Most IETF'ers I know tunnel back to their home offices. I
> personally use an IPsec/IKE implementation that doesn't care much for NAT.
>
>If the remote ESP tunnel endpoint (and IKE KM endpoint) is on the
>external interface of a box that is also performing NAT on the inside
>interface, there just isn't a problem. Lots of the economical
>gateway/firewall/encryptor widgets work this way. This approach
>actually works quite well, particularly if one's employer has an
>internal network using private address space.
Yes but this would be ESP/IKE IPv4 laptops running through whatever NAT
would be provided by the local IETF host through the Internet and to the
corporate network. It doesn't matter that the corporate firewall/IPsec
endpoint does NAT unless of course both sides use the same address range
(that would not be nice).
