[41349] in North American Network Operators' Group
Re: Where NAT disenfranchises the end-user ...
daemon@ATHENA.MIT.EDU (Bob K)
Thu Sep 6 22:30:27 2001
Date: Thu, 6 Sep 2001 22:29:38 -0400 (EDT)
From: Bob K <melange@yip.org>
To: nanog@merit.edu
In-Reply-To: <B7BD7B8F.1DE2%dsclements@linkline.com>
Message-ID: <Pine.BSF.4.21.0109062222180.52732-100000@pi.yip.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Thu, 6 Sep 2001, Doug Clements wrote:
> > A business that requires direct Internet access can't use NAT at the border.
>
> Not true. While I expect you will take this as nitpicking, one:one NAT is
> very conveniently used for servers while one:many NAT can be used for
> generic workstation access while preserving a consistent LAN numbering
> scheme. Anything that a "full" internet connection gets you will also work
> with one:one NAT.
...except current implementations of IPSEC:
http://www.isp-planet.com/technology/2001/ipsec_nat.html
Luckily, the above article also mentions the fixes that are in the
works...
--
Bob <melange@yip.org> | Yes. I know. That is, indeed, *not* mayonnaise.
