[41459] in North American Network Operators' Group
Re[2]: Where NAT disenfranchises the end-user ...
daemon@ATHENA.MIT.EDU (Richard Welty)
Mon Sep 10 13:46:49 2001
Date: Mon, 10 Sep 2001 13:47:43 -0400 (Eastern Daylight Time)
From: Richard Welty <rwelty@averillpark.net>
To: NANOG <nanog@merit.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Content-Disposition: INLINE
In-Reply-To: <lyn143uf6x.fsf@gfn.org>
Message-Id: <E15gV87-00051M-00@krusty-motorsports.com>
Errors-To: owner-nanog-outgoing@merit.edu
On 10 Sep 2001 13:29:58 -0400 Scott Gifford <sgifford@tir.com> wrote:
> I've actually seen the question of how NAT breaks the Internet more
> than a good stateful firewall come up more than once, and haven't
> really seen a satisfactory answer. Where does a stateful firewall
> configured to only allow outgoing connections work that NAT doesn't?
in the case of IPSec, the IP addresses need to be preserved end-to-end
as part of the whole security scheme.
richard
--
Richard Welty Averill Park Networking
rwelty@averillpark.net 518-573-7592