RE: [arin-announce] IPv4 Address Space (fwd)
Seems several commercial clients (such as Cisco's VPN client) offer a workaround for that (tunneling IPSEC in a TCP session). Works great.
-----Original Message-----
From: Greg Maxwell [mailto:gmaxwell@martin.fl.us]
Sent: Wednesday, October 29, 2003 9:56 AM
To: Avleen Vig
Cc: Simon Lockhart; Dave Howe; Email List: nanog
Subject: Re: [arin-announce] IPv4 Address Space (fwd)
On Wed, 29 Oct 2003, Avleen Vig wrote:
Indeed, and IPSec tunnels are frequently done between routers on networks, rather than individual hosts on networks (at least in most multi-site enterprises I've seen).
The most common use of VPN links is the roadwarrior. IPSEC in this context is broken badly by NAT. Even when the extensive hackery required to work around NAT is enabled, it still cannot work in the case where two roadwarriors are behind a single address connecting to the same VPN gateway.
Kuhtz, Christian wrote:
Seems several commercial clients (such as Cisco's VPN client) offer a workaround for that (tunneling IPSEC in a TCP session). Works great.
Yup. There are various proprietary solutions that require us to trash out an expensive and *working* VPN-1 solution, buy an equally expensive and unfamiliar solution, and retrain our salesforce in the use of the new software - just to work around NAT. Nice, isn't it?
participants (2)
- Dave Howe
- Kuhtz, Christian