A lot of companies are starting to do UDP tunneling between their client and
gateway (well at least Cisco's latest Windows client does). Then, NAT isn't
an issue if the option is enabled at the gateway.
/jsb

-----Original Message-----
From: Matt Holdrege [mailto:matt(_at_)ipverse(_dot_)com]
Sent: Thursday, August 09, 2001 4:04 PM
To: RJ Atkinson; ietf(_at_)ietf(_dot_)org
Subject: Re: IETF network & VPNs

At 01:53 PM 8/9/2001, RJ Atkinson wrote:
> At 14:20 09/08/01, Matt Holdrege wrote:
>> Wrong! Most IETF'ers I know tunnel back to their home offices. I
>> personally use an IPsec/IKE implementation that doesn't care much for NAT.
>
> If the remote ESP tunnel endpoint (and IKE KM endpoint) is on the
> external interface of a box that is also performing NAT on the inside
> interface, there just isn't a problem. Lots of the economical
> gateway/firewall/encryptor widgets work this way. This approach
> actually works quite well, particularly if one's employer has an
> internal network using private address space.

Yes but this would be ESP/IKE IPv4 laptops running through whatever NAT
would be provided by the local IETF host through the Internet and to the
corporate network. It doesn't matter that the corporate firewall/IPsec
endpoint does NAT unless of course both sides use the same address range
(that would not be nice).