
RE: IETF network & VPNs

2001-08-09 16:50:02
A lot of companies are starting to do UDP tunneling between their client and
gateway (well, at least Cisco's latest Windows client does).  Then, NAT isn't
an issue if the option is enabled at the gateway.


/jsb

-----Original Message-----
From: Matt Holdrege [mailto:matt(_at_)ipverse(_dot_)com]
Sent: Thursday, August 09, 2001 4:04 PM
To: RJ Atkinson; ietf(_at_)ietf(_dot_)org
Subject: Re: IETF network & VPNs

At 01:53 PM 8/9/2001, RJ Atkinson wrote:
> At 14:20 09/08/01, Matt Holdrege wrote:
>> Wrong! Most IETF'ers I know tunnel back to their home offices. I
>> personally use an IPsec/IKE implementation that doesn't care much for NAT.
>
> If the remote ESP tunnel endpoint (and IKE KM endpoint) is on the
> external interface of a box that is also performing NAT on the inside
> interface, there just isn't a problem.  Lots of the economical
> gateway/firewall/encryptor widgets work this way.  This approach
> actually works quite well, particularly if one's employer has an
> internal network using private address space.

Yes but this would be ESP/IKE IPv4 laptops running through whatever NAT
would be provided by the local IETF host through the Internet and to the
corporate network. It doesn't matter that the corporate firewall/IPsec
endpoint does NAT unless of course both sides use the same address range
(that would not be nice).


