RE: [arin-announce] IPv4 Address Space (fwd)

Kuhtz, Christian wrote:
> Seems several commercial clients (such as Cisco's VPN client) offer
> workaround for that (tunneling IPSEC in a TCP session).
> Works great.
> Yup. There are various proprietary solutions that require us
> to trash out an expensive and *working* VPN-1 solution, buy
> an equally expensive and unfamiliar solution, and retrain our
> salesforce in the use of the new software - just to work
> around NAT. Nice, isn't it?

It is.

And you can continue daydreaming and believe NAT will go away if you
continue to whine about it.

Or you can accept that it exists and deal with it because you got a business
to run and don't have the luxury of jumping on one foot until IPv6 is
everywhere (and somebody has convinced the telcos that it's really
necessary to upgrade all their gear and the involved expense to support it
natively).

And I bet then still somebody will build an IPv6 NAT box for some bizarro
reason.

Kuhtz, Christian wrote:

> Seems several commercial clients (such as Cisco's VPN client) offer
> workaround for that (tunneling IPSEC in a TCP session).
>
> Works great.
> Yup. There are various proprietary solutions that require us
> to trash out an expensive and *working* VPN-1 solution, buy
> an equally expensive and unfamiliar solution, and retrain our
> salesforce in the use of the new software - just to work
> around NAT. Nice, isn't it?
>
> And you can continue daydreaming and believe NAT will go away if you
> continue to whine about it.

Or I can make sure that the services my company buys, either for itself or
for its sales force, don't make life harder for us just to make life
easier for the supplier.
XYZ insists that you route through their NAT? Fine, company ABC don't, and
they get the business.
If I have to put up with NAT getting in the way of NAT-unfriendly
applications, then fine - I will work around it when I can, find
alternatives when I can't.
Doesn't stop me bitching about it though - which at least serves the
useful task of letting someone else thinking of investing in (say) VPN-1
know that the problems are out there.

> And I bet then still somebody will build an IPv6 NAT box for some
> bizarro reason.

Probably the same idiots who market a NATted dialup as a "security
enhanced connection"

And sometimes you use NAT because you really do not want the NAT'ed device
to be globally addressable but it needs to have a link to the outside to
download updates. Instrument controllers et al.

The wisdom of the design decision to use the internet as the only method
to provide software updates is left for individual cogitation. (and no I
am not talking about Win[*] products here)

                            Scott C. McGrath

Christian:

> And I bet then still somebody will build an IPv6 NAT box for some
> bizarro reason.

ftp://ftp.rfc-editor.org/in-notes/rfc2766.txt

Gary Blankenship
Foundry Networks (Japan)