On Mon, 2004-09-27 at 16:53, Paul Hoffman / VPNC wrote:
At 12:27 PM +0200 9/27/04, Francis Dupont wrote:
- I don't believe the protocol works with NATs using global addresses
on both sides (yes, this is a stupid way to use NATs but one can say
that using NATs is already stupid :-)
If you mean "non-private" on both sides, there is a very good reason
for such NATs (well, if you believe that there is any reason for
NATs). You have a Class C from your ISP and have hard-wired values in
dozens of boxes, have gotten certificates for some of the IP
addresses, have hard-wired the IP address in other places, and so on.
One day they call and say "we've changed your IP range just because
we can". Tossing everything behind a NAT using the old addresses
keeps everything working until you can handle the transition.
--Paul Hoffman, Director
--VPN Consortium
As a "Director" (of what that may be) you probably also know of these
papers called 'contracts'. Thus make sure you have that sort of stuff in
your contract. There was a couple of months ago even some weird company
who abused their network and then got disconnected and almost got the
court to let them keep their addresses... Not a technical issue and thus
irrelevant.
Greets,
Jeroen
signature.asc
Description: This is a digitally signed message part
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf