At 07:54 06.10.2000, Randy Bush wrote:
> > But ... some organisations insist on NAT for address hiding.
If this will be a "real business case", IPv6 will perhaps never reach
companies.
Because of the feature of the End-To-End security like Authentication
(which is a major built-in feature for IPv6), they cannot modify the packet
without breaking the AH.
>well tell them that this is one of the wonderful features about ipv6. nat
>is built into the packet-header encoding and is completely transparent at
>the administrative and routing levels. so it comes with the protocol and
>there is no need for a special device with ipv6.
>
>after all, if they think nats help with security, they'll believe anything.
...would they want to block any authenticated IPv6 packet at the firewall?
...and what's about ESP? Also blocking?
Peter
---------------------------------------------------------------------
The IPv6 Users Mailing List
Unsubscribe by sending "unsubscribe users" to [EMAIL PROTECTED]
