[64031] in North American Network Operators' Group
Re: Block all servers?
daemon@ATHENA.MIT.EDU (Kee Hinckley)
Tue Oct 14 14:35:30 2003
In-Reply-To: <20031014163020.GA557@schlund.net>
Date: Tue, 14 Oct 2003 14:16:58 -0400
To: Stefan Mink <mink@schlund.net>
From: Kee Hinckley <nazgul@somewhere.com>
Cc: ken emery <ken@cnet.com>, nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
At 6:30 PM +0200 10/14/03, Stefan Mink wrote:
>On Sat, Oct 11, 2003 at 08:28:11AM -0700, ken emery wrote:
>>  > I use IPSEC and it works fine behind NAT.
>>
>>  Yes, it does work, on a small scale.  However what if your neighbor
>>  wants to IPSEC to the same place (say you work at the same place).
>>  If both of you are NAT'd from the same IP address trying to IPSEC
>>  to the same IP address?  I don't believe things will work in this
>>  instance.
>
>why not? We use it here, works fine (with certificates for auth).
From what I've seen it depends on whether the NAT has specific
support for IPSEC, and if that support includes support for multiple
clients.  The NAT box has to keep track of the mapping.  I've seen
NATs priced based on how many VPN clients they support at a time.
See http://www.dslreports.com/faq/4638
-- 
Kee Hinckley
http://www.messagefire.com/         Next Generation Spam Defense
http://commons.somewhere.com/buzz/  Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
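
Added example, not part of the original message or thread: a toy Python model of the mapping problem discussed above, where two inside hosts send IPsec traffic to the same gateway through one NAT address. It assumes a NAT whose ESP passthrough keeps a single mapping per remote gateway, and goes beyond the message by contrasting that with UDP-encapsulated ESP on port 4500; the class, function names and addresses are all constructed for illustration.

```python
"""Toy NAT model: why two inside hosts sending plain ESP to one gateway collide."""

ESP, UDP = 50, 17          # IP protocol numbers
PUBLIC_IP = "203.0.113.1"  # constructed documentation addresses throughout


class Nat:
    def __init__(self):
        self.by_port = {}    # (proto, public_port) -> (inside_ip, inside_port)
        self.by_remote = {}  # ESP only: remote_ip -> inside_ip (no ports to key on)
        self.next_port = 40000

    def outbound(self, proto, inside_ip, remote_ip, sport=None):
        """Record state for an outgoing packet; return the public source port (None for ESP)."""
        if proto == ESP:
            # Assumed single-session passthrough: first inside host to reach a remote owns it.
            self.by_remote.setdefault(remote_ip, inside_ip)
            return None
        for (p, public_port), owner in self.by_port.items():
            if p == proto and owner == (inside_ip, sport):
                return public_port
        public_port, self.next_port = self.next_port, self.next_port + 1
        self.by_port[(proto, public_port)] = (inside_ip, sport)
        return public_port

    def inbound(self, proto, remote_ip, dport=None):
        """Return the inside host an incoming packet is delivered to, or None if dropped."""
        if proto == ESP:
            return self.by_remote.get(remote_ip)
        entry = self.by_port.get((proto, dport))
        return entry[0] if entry else None


def demo():
    gw, alice, bob = "198.51.100.7", "192.168.1.10", "192.168.1.11"
    nat = Nat()
    nat.outbound(ESP, alice, gw)
    nat.outbound(ESP, bob, gw)
    plain = nat.inbound(ESP, gw)  # every ESP reply from gw lands on one host
    # UDP-encapsulated ESP (port 4500) gives the NAT a port to key each client on.
    pa = nat.outbound(UDP, alice, gw, 4500)
    pb = nat.outbound(UDP, bob, gw, 4500)
    return plain, nat.inbound(UDP, gw, pa), nat.inbound(UDP, gw, pb)


if __name__ == "__main__":
    print(demo())
```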