At 12:27 PM +0200 9/27/04, Francis Dupont wrote:
- I don't believe the protocol works with NATs using global addresses
on both sides (yes, this is a stupid way to use NATs but one can say
that using NATs is already stupid :-)
If you mean "non-private" on both sides, there is a very good reason
for such NATs (well, if you believe that there is any reason for
NATs). You have a Class C from your ISP and have hard-wired values in
dozens of boxes, have gotten certificates for some of the IP
addresses, have hard-wired the IP address in other places, and so on.
One day they call and say "we've changed your IP range just because
we can". Tossing everything behind a NAT using the old addresses
keeps everything working until you can handle the transition.
--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf