[136586] in North American Network Operators' Group
Re: quietly....
daemon@ATHENA.MIT.EDU (david raistrick)
Thu Feb 3 15:50:05 2011
Date: Thu, 3 Feb 2011 15:38:47 -0500 (EST)
From: david raistrick <drais@icantclick.org>
To: Valdis.Kletnieks@vt.edu
In-Reply-To: <37955.1296761312@localhost>
Cc: "nanog@nanog.org" <nanog@nanog.org>
On Thu, 3 Feb 2011, Valdis.Kletnieks@vt.edu wrote:
> The only reason FTP works through a NAT is because the NAT has already
> been hacked up to further mangle the data stream to make up for the
> mangling it does.
Speaking of should-have-died-years-ago. FTP fits that category well. ;)
> I'm told that IPSEC through a NAT can be interesting too... And that's
> something I'm also told some corporations are interested in.
NAT traversal for IPsec was sorted out more than a few years ago, with 3 or
4 different methods in play. I dropped out of that market about the time
it came to light, but as an IPsec end user I haven't had NAT problems going
back as far as 2006 for sure, possibly further.
(The original problem was that only 1 user behind 1 IP could speak IPsec,
because it uses a specific protocol, not a port, that can only be 1-to-1.
I'll leave it as an exercise for the reader to figure out how that was magicked
around without requiring the NAT devices to do anything. And SSL doesn't
count. :)
--
david raistrick http://www.netmeister.org/news/learn2quote.html
drais@icantclick.org http://www.expita.com/nomime.html
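An added illustration of the point in the post above (this is constructed example code, not part of the NANOG thread or anyone's product): a toy port-translating NAT with no IPsec awareness is fed packets from two inside hosts to the same peer. Plain ESP (IP protocol 50) carries no port, so the NAT can only key the return path on (protocol, peer) and the second host cannot be mapped; the same ESP wrapped in UDP on port 4500 (NAT-T, RFC 3948) gets a fresh public port per host and multiplexes cleanly without the NAT doing anything special. Addresses, SPIs, the `Nat` class and its method names are all assumptions made up for the example.

```python
"""Constructed illustration, not part of the NANOG thread: why ESP (IP protocol
50) gives a port-based NAT nothing to multiplex on, and how UDP encapsulation
of ESP (NAT-T, RFC 3948, UDP/4500) lets several inside hosts reach the same
peer with no IPsec awareness in the NAT. Addresses and SPIs are sample values."""
import struct
from ipaddress import IPv4Address

IPPROTO_UDP = 17
IPPROTO_ESP = 50
NAT_T_PORT = 4500


def build_ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (no options; checksum left zero) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr + payload


def build_esp(spi, seq, data=b"\x00" * 16):
    """ESP header: 32-bit SPI, 32-bit sequence number, then (opaque) payload."""
    return struct.pack("!II", spi, seq) + data


def build_udp(sport, dport, data):
    """UDP header with checksum 0 (permitted for IPv4) followed by data."""
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def parse(pkt):
    """Return the fields a NAT can see: addresses, protocol, and ports if any."""
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    info = {"proto": proto, "src": str(IPv4Address(pkt[12:16])),
            "dst": str(IPv4Address(pkt[16:20]))}
    body = pkt[ihl:]
    if proto == IPPROTO_UDP:
        info["sport"], info["dport"] = struct.unpack("!HH", body[:4])
        # RFC 3948: on port 4500 a zero 32-bit "non-ESP marker" means IKE,
        # anything else is the SPI of UDP-encapsulated ESP. The NAT never
        # needs this; it is decoded only to make the encapsulation visible.
        if info["dport"] == NAT_T_PORT:
            marker, = struct.unpack("!I", body[8:12])
            info["inner"] = "IKE" if marker == 0 else "ESP spi=%#x" % marker
    elif proto == IPPROTO_ESP:
        info["spi"], = struct.unpack("!I", body[:4])   # no ports exist here
    return info


class Nat:
    """Port-translating NAT with no protocol-specific helpers (no ESP ALG)."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.next_port = 40000
        self.bindings = {}   # outside-facing key -> (inside_ip, inside_port)

    def outbound(self, pkt):
        p = parse(pkt)
        if p["proto"] == IPPROTO_UDP:
            # Ports give the NAT a free variable: rewrite the source port to a
            # fresh public port and key the return path on it.
            key = (IPPROTO_UDP, self.next_port)
            self.next_port += 1
            self.bindings[key] = (p["src"], p["sport"])
            return {"src": self.public_ip, "sport": key[1], "dst": p["dst"],
                    "dport": p["dport"], "inner": p.get("inner")}
        if p["proto"] == IPPROTO_ESP:
            # No port to rewrite. The only thing the NAT can key reply ESP on
            # is (protocol, peer), and that slot holds exactly one inside host.
            key = (IPPROTO_ESP, p["dst"])
            owner = self.bindings.get(key)
            if owner is not None and owner[0] != p["src"]:
                return None   # second host behind the NAT: cannot be mapped
            self.bindings[key] = (p["src"], None)
            return {"src": self.public_ip, "dst": p["dst"], "spi": p["spi"]}
        return None

    def inbound(self, proto, from_peer, dport=None):
        """Map a reply arriving at the public address back to the inside host."""
        key = (proto, dport) if proto == IPPROTO_UDP else (proto, from_peer)
        return self.bindings.get(key)


def demo():
    """Two inside hosts, one peer: raw ESP collides, NAT-T does not."""
    nat, peer = Nat("203.0.113.1"), "198.51.100.7"
    a, b = "10.0.0.10", "10.0.0.11"
    raw = [nat.outbound(build_ipv4(h, peer, IPPROTO_ESP, build_esp(spi, 1)))
           for h, spi in ((a, 0x1001), (b, 0x2002))]
    natt = [nat.outbound(build_ipv4(h, peer, IPPROTO_UDP,
                         build_udp(NAT_T_PORT, NAT_T_PORT, build_esp(spi, 1))))
            for h, spi in ((a, 0x1001), (b, 0x2002))]
    replies = [nat.inbound(IPPROTO_UDP, peer, t["sport"]) for t in natt]
    return {"raw_esp": raw, "nat_t": natt, "nat_t_replies": replies}


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Running `demo()` shows the first raw ESP flow being bound and the second rejected, while both NAT-T flows get distinct public ports (40000 and 40001) and their replies map back to the right inside host. The NAT code path for UDP/4500 is identical to any other UDP flow, which is the whole point of the encapsulation: the IPsec endpoints changed, the NAT did not.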