ietf
[Top] [All Lists]

Re: IETF network & VPNs

2001-08-09 16:20:03
At 01:53 PM 8/9/2001, RJ Atkinson wrote:
At 14:20 09/08/01, Matt Holdrege wrote:
>Wrong! Most IETF'ers I know tunnel back to their home offices. I personally use an IPsec/IKE implementation that doesn't care much for NAT.

If the remote ESP tunnel endpoint (and IKE KM endpoint) is on the
external interface of a box that is also performing NAT on the inside
interface, there just isn't a problem.  Lots of the economical
gateway/firewall/encryptor widgets work this way.  This approach
actually works quite well, particularly if one's employer has an
internal network using private address space.

Yes but this would be ESP/IKE IPv4 laptops running through whatever NAT would be provided by the local IETF host through the Internet and to the corporate network. It doesn't matter that the corporate firewall/IPsec endpoint does NAT unless of course both sides use the same address range (that would not be nice).



<Prev in Thread] Current Thread [Next in Thread>