[64613] in North American Network Operators' Group
Re: [arin-announce] IPv4 Address Space (fwd)
daemon@ATHENA.MIT.EDU (Greg Maxwell)
Wed Oct 29 10:10:10 2003
Date: Wed, 29 Oct 2003 09:55:31 -0500 (EST)
From: Greg Maxwell <gmaxwell@martin.fl.us>
To: Avleen Vig <lists-nanog@silverwraith.com>
Cc: Simon Lockhart <simon.lockhart@bbc.co.uk>,
Dave Howe <DaveHowe@gmx.co.uk>, "Email List: nanog" <nanog@nanog.org>
In-Reply-To: <20031029111420.GS792@silverwraith.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Wed, 29 Oct 2003, Avleen Vig wrote:
> Indeed, and IPSec tunnels are frequently done between routers on
> networks, rather than individual hosts on networks (at least in most
> multi-site enterprises i've seen).
The most common use of VPN links is the roadwarrior.
IPSEC in this context is broken badly by NAT. Even when the extensive
hackery required to workaround NAT is enabled, it still can not work in
the case where two roadwarriors are behind a single address connecting to
the same VPN gateway.
