"Christian Strauf (JOIN)" <[EMAIL PROTECTED]> wrote:
|I don't think that it is about giving up what you need. With a combined
|v4/v6-capable firewall- and v4-NAT box you could easily achieve the same
|level of isolation of a subnet but without the restrictions for IPv6
|hosts that are forced on v4-hosts by v4-NAT. (In this case: if you want
|to be dual-stacked you keep v4 NAT and use v6 with appropriate firewall
|rules.) So this should not be much of a problem.
But (assuming I'm understanding your setup correctly) you have to restrict
all the local applications that require address stability to using NAT'ed
IPv4 only. The v6 firewall rules don't isolate you from address changes.
I guess that's ok, but having to select which version of IP to use depending
on whether you want stable local or unstable global access seems at least as
complicated as selecting local vs. global addresses for the same reasons.
Dan Lanciani
[EMAIL PROTECTED]
--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
