[arin-announce] IPv4 Address Space (fwd)

Owen DeLong owen at delong.com
Wed Oct 29 17:17:01 UTC 2003


However, what is authenticated in the IPSEC datagrams is the addresses
of the IKE gateways (the routers).  The fact that an entire netblock
exists within the tunnel is not especially relevant to the part
that suffers from NAT breakage.

Owen


--On Wednesday, October 29, 2003 3:14 AM -0800 Avleen Vig 
<lists-nanog at silverwraith.com> wrote:

>
> On Wed, Oct 29, 2003 at 11:03:11AM +0000, Simon Lockhart wrote:
>> No.
>> Anything that relies on knowing which host it is talking to by looking at
>> the source address of packets breaks.
>> Plenty of UDP based apps work over NAT.
>
> Indeed, and IPSec tunnels are frequently done between routers on
> networks, rather than individual hosts on networks (at least in most
> multi-site enterprises I've seen).



-- 
If it wasn't signed, it probably didn't come from me.
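
Added example, not part of the original thread: a simplified Python model of an AH-style integrity check in tunnel mode, where the ICV covers the outer (gateway) addresses. It shows that packets from any host inside the tunnelled netblock verify, while a rewrite of the outer source address in transit makes verification fail. The key, all addresses and the packet layout are constructed for illustration and are not the real AH wire format.

```python
import hashlib
import hmac
import ipaddress
import struct

KEY = b"constructed-demo-key"   # constructed; a real SA key would come from IKE
GW_A = "192.0.2.1"              # constructed gateway (router) addresses
GW_B = "198.51.100.1"
NAT_PUBLIC = "203.0.113.7"      # constructed address a NAT box substitutes

def ip(addr):
    return ipaddress.IPv4Address(addr).packed

def covered_bytes(pkt):
    """Bytes the simplified ICV covers: outer addresses, SPI, sequence, inner packet."""
    return (ip(pkt["src"]) + ip(pkt["dst"])
            + struct.pack("!II", pkt["spi"], pkt["seq"]) + pkt["inner"])

def icv(pkt):
    # HMAC-SHA1 truncated to 96 bits, as in HMAC-SHA1-96
    return hmac.new(KEY, covered_bytes(pkt), hashlib.sha1).digest()[:12]

def inner_packet(src, dst, payload):
    """Inner datagram from a host behind the gateway (addresses + payload only)."""
    return ip(src) + ip(dst) + payload

def send(gw_src, gw_dst, spi, seq, inner):
    pkt = {"src": gw_src, "dst": gw_dst, "spi": spi, "seq": seq, "inner": inner}
    pkt["icv"] = icv(pkt)
    return pkt

def nat(pkt, new_src):
    """Rewrite only the outer source address, leaving the ICV untouched."""
    out = dict(pkt)
    out["src"] = new_src
    return out

def verify(pkt):
    return hmac.compare_digest(icv(pkt), pkt["icv"])

def demo():
    """Map each inner host to (verifies untouched, verifies after NAT)."""
    results = {}
    for seq, host in enumerate(("10.1.0.5", "10.1.7.200"), start=1):
        pkt = send(GW_A, GW_B, 0x1000, seq, inner_packet(host, "10.2.0.9", b"data"))
        results[host] = (verify(pkt), verify(nat(pkt, NAT_PUBLIC)))
    return results

if __name__ == "__main__":
    for host, (clean, natted) in demo().items():
        print(f"inner host {host}: untouched={clean} after NAT={natted}")
```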