
Re: IESG position on NAT traversal and IPv4/IPv6

2010-11-17 20:27:32
Hey, are you Japanese or not?
Have you already quit being Japanese?

Everyone should consider both the protocol and
the constitution of one's own nation simultaneously.

It's the matter of right or wrong, not legal or illegal.

---
TaddyHatty,  




Martin Rex wrote:

Correct.  It is called the HTTP CONNECT method.

If, with your definition of "traversal", tunneling is a form
of traversal, tunneling by IPSEC is a standard firewall
traversal protocol and is much better than HTTP CONNECT
because of UDP.

Not quite.  Tunneling needs matching configurations on both ends,

Yes, of course.

and that rarely works, in particular on a global scale with
peers you do not know a-priori.

What is the point of using firewalls or firewall functionality
of NAT to be tunneled by someone you do not know a-priori?

That's why I said:

: FYI, traversable firewall is, by definition, broken.

Or, if you are saying you and your peer are members of some
large organization, the organization can take care of
IPSEC peering configuration.

But, too often, it is a lot easier, a lot more convenient and
a lot more flexible to use ID/password at the application layer,
which is partly why IPSEC is not really deployed.

Home DSL routers usually do NAT.  For outgoing connections,
they're transparent.

Unlike end to end NAT, legacy NAT is not very transparent.

For incoming connections, it is either
possible to configure static mappings (external->internal)

If you want to run servers behind NAT, you need static IP
addresses and static port numbers, of course.

or there might be some dynamic configurability through UPnP.
UDP included.

It works only after a connection is established through
a static IP address and a port number.

Masataka Ohta
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf
