
On Wed, 15 Aug 2001 11:07:21 EDT, you said:
Using a NAT in a NOC situation makes audit trails harder to maintain, as all administrative connections to your network devices will appear to come from (one of) the address(es) of the NAT device.
Right. That too - that's why I advised against it.

Choices I see as reasonable:

1) A totally isolated management net in 1918 space.
2) A totally isolated management net in your space.
3) A firewalled management net in your space.
4) A management net in 1918 space, and a bastion host that lives in the 1918 space and your space to get stuff in/out with (no direct connections available - copy stuff to the bastion from one side, then copy out from the other).

Of course, for options (3) and (4) you need to have a very clear understanding of how you are handling security for the management net. And for options (1) and (2), you need to be careful that it *does* stay isolated - all it takes is one router that's forwarding packets for it to change into (3) or (4). ;)

--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech