A lot of companies are starting to do UDP tunneling between their client and
gateway (well at least Cisco's latest Windows client does).  Then, NAT isn't
an issue if the option is enabled at the gateway.


/jsb

-----Original Message-----
From: Matt Holdrege [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 09, 2001 4:04 PM
To: RJ Atkinson; [EMAIL PROTECTED]
Subject: Re: IETF network & VPNs

At 01:53 PM 8/9/2001, RJ Atkinson wrote:
>At 14:20 09/08/01, Matt Holdrege wrote:
> >Wrong! Most IETF'ers I know tunnel back to their home offices. I
> >personally use an IPsec/IKE implementation that doesn't care much for NAT.
>
>If the remote ESP tunnel endpoint (and IKE KM endpoint) is on the
>external interface of a box that is also performing NAT on the inside
>interface, there just isn't a problem.  Lots of the economical
>gateway/firewall/encryptor widgets work this way.  This approach
>actually works quite well, particularly if one's employer has an
>internal network using private address space.

Yes but this would be ESP/IKE IPv4 laptops running through whatever NAT
would be provided by the local IETF host through the Internet and to the
corporate network. It doesn't matter that the corporate firewall/IPsec
endpoint does NAT unless of course both sides use the same address range
(that would not be nice).
