On Wed, 2003-08-06 at 18:50, Brian E Carpenter wrote: but operational experience > with 10/8 suggests that ambiguity is actually a bigger pain than > NAT in some scenarios (VPNs between two Net 10 networks, for > example).
Combining the two is worse ... I spent two months _solid_ working to "productising" NAT with IPsec VPNs, in conjunction with Internet access (eg NAT to VPN destinations, but not to Internet destinations; NAT to Internet destinations, but not VPN destinations, NAT to both, but 1-to-Many to Internet, 1-to-1 to VPN, etc., etc,). My advice to everybody is don't ever go down that rat-hole. I still have nightmares... Regards, Mark. -------------------------------------------------------------------- IETF IPng Working Group Mailing List IPng Home Page: http://playground.sun.com/ipng FTP archive: ftp://playground.sun.com/pub/ipng Direct all administrative requests to [EMAIL PROTECTED] --------------------------------------------------------------------
