[41356] in North American Network Operators' Group
Re: Where NAT disenfranchises the end-user ...
daemon@ATHENA.MIT.EDU (Bob K)
Fri Sep 7 01:07:10 2001
Date: Fri, 7 Sep 2001 01:06:41 -0400 (EDT)
From: Bob K <melange@yip.org>
To: Bora Akyol <akyol@mac.com>
Cc: nanog@merit.edu
In-Reply-To: <200109070343.UAA10665@smtpout.mac.com>
Message-ID: <Pine.BSF.4.21.0109070025360.52732-100000@pi.yip.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
> > ...except current implementations of IPSEC:
> >
> > http://www.isp-planet.com/technology/2001/ipsec_nat.html
> >
> > Luckily, the above article also mentions the fixes that are in the
> > works...
On Thu, 6 Sep 2001, Bora Akyol wrote:
> Bob
> I am not supporting NAT here, but
> most common IPSEC implementations including Free S/WAN work fine behind
> NAT.
>
> Bora
I stand corrected after perusing http://jixen.tripod.com/#NATed%20gateways
- although I'm not sure I'd describe that as working "fine", but rather
"can be made to work, in a narrow set of circumstances". It should be
noted that the Free S/WAN docs explicitly recommend against trying it.
--
Bob <melange@yip.org> | Yes. I know. That is, indeed, *not* mayonnaise.
