At 01:53 PM 8/9/2001, RJ Atkinson wrote:
At 14:20 09/08/01, Matt Holdrege wrote:
>Wrong! Most IETF'ers I know tunnel back to their home offices. I
personally use an IPsec/IKE implementation that doesn't care much for NAT.
If the remote ESP tunnel endpoint (and IKE KM endpoint) is on the
external interface of a box that is also performing NAT on the inside
interface, there just isn't a problem. Lots of the economical
gateway/firewall/encryptor widgets work this way. This approach
actually works quite well, particularly if one's employer has an
internal network using private address space.
Yes but this would be ESP/IKE IPv4 laptops running through whatever NAT
would be provided by the local IETF host through the Internet and to the
corporate network. It doesn't matter that the corporate firewall/IPsec
endpoint does NAT unless of course both sides use the same address range
(that would not be nice).