Kuhtz, Christian wrote:
Seems several commercial clients (such as Cisco's VPN client) offer workaround for that (tunneling IPSEC in a TCP session). Works great. Yup. there are various proprietary solutions that require us to trash out an expensive and *working* VPN-1 solution, buy an equally expensive and unfamilar solution, and retrain our salesforce in the use of the new software - just to work around NAT. Nice, isn't it? And you can continue daydreaming and believe NAT will go away if you continue to whine about it. Or I can make sure that the services my company buys, either for itself or for its sales force, don't make life harder for us just to make life easier for the supplier. XYZ insists that you route though their NAT? fine, company ABC don't, and
Kuhtz, Christian wrote: they get the business. If I have to put up with NAT getting in the way of NAT-unfriendly applications, then fine - I will work around it when I can, find alternatives when I can't. Doesn't stop me bitching about it though - which at least serves the useful task of letting someone else thinking of investing in (say) VPN-1 know that the problems are out there.
And I bet then still somebody will build an IPv6 NAT box for some bizarro reason. Probably the same idiots who market a NATted dialup as a "security enhanced connection"