On Wed, 18 Jun 2003 16:06:08 PDT, Eric Rescorla said:
> Melinda Shore <mshore(_at_)cisco(_dot_)com> writes:
> > Not really. For example, ftp as originally defined doesn't
> > work through NATs, and no standard VoIP or multimedia
> > conferencing protocol works through NAT.
> None of these things worked real well through firewalls either,
> which is sort of my point.

There's a *crucial* distinction here:

If it doesn't work through a firewall, it's because the firewall is doing
what you ASKED it to do - block certain classes of connections.

If it doesn't work through a NAT, it's because the NAT is FAILING to do what
you asked it to do - allow transparent connections from boxes behind the NAT.

Unless of course you're deploying NAT for some reason *OTHER* than
transparent connections? Are you trying to get your money's worth because
you paid for the extra-deluxe "works most of the time but breaks some apps"

Or is the only reason you have NAT at all because you bought some vendor's
"connection appliance in a box" that proceeded to NAT you regardless of your