RE: [arin-announce] IPv4 Address Space (fwd)
Kuhtz, Christian wrote:
Seems several commercial clients (such as Cisco's VPN client) offer workaround for that (tunneling IPSEC in a TCP session). Works great. Yup. there are various proprietary solutions that require us to trash out an expensive and *working* VPN-1 solution, buy an equally expensive and unfamilar solution, and retrain our salesforce in the use of the new software - just to work around NAT. Nice, isn't it?
It is. And you can continue daydreaming and believe NAT will go away if you continue to whine about it. Or you can accept that it exists and deal with it because you got a business to run and don't have the luxury of jumping on one foot until IPv6 is everywhere (and somebody has convinced the telco's that it's really necessary to upgrade all their gear and the involved expense to support it natively). And I bet then still somebody will build an IPv6 NAT box for some bizarro reason. ***** "The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers.61"
Kuhtz, Christian wrote:
Seems several commercial clients (such as Cisco's VPN client) offer workaround for that (tunneling IPSEC in a TCP session). Works great. Yup. there are various proprietary solutions that require us to trash out an expensive and *working* VPN-1 solution, buy an equally expensive and unfamilar solution, and retrain our salesforce in the use of the new software - just to work around NAT. Nice, isn't it? And you can continue daydreaming and believe NAT will go away if you continue to whine about it. Or I can make sure that the services my company buys, either for itself or for its sales force, don't make life harder for us just to make life easier for the supplier. XYZ insists that you route though their NAT? fine, company ABC don't, and
Kuhtz, Christian wrote: they get the business. If I have to put up with NAT getting in the way of NAT-unfriendly applications, then fine - I will work around it when I can, find alternatives when I can't. Doesn't stop me bitching about it though - which at least serves the useful task of letting someone else thinking of investing in (say) VPN-1 know that the problems are out there.
And I bet then still somebody will build an IPv6 NAT box for some bizarro reason. Probably the same idiots who market a NATted dialup as a "security enhanced connection"
And sometimes you use NAT because you really do not want the NAT'ed device to be globally addressible but it needs to have a link to the outside to download updates. Instrument controllers et.al. The wisdom of the design decision to use the internet as the only method to provide software updates is left for individual cogitation. (and no I am not talking about Win[*] products here) Scott C. McGrath
participants (4)
-
Dave Howe -
Gary Blankenship -
Kuhtz, Christian -
Scott McGrath