quietly....

david raistrick drais at icantclick.org
Thu Feb 3 20:38:47 UTC 2011


On Thu, 3 Feb 2011, Valdis.Kletnieks at vt.edu wrote:

> The only reason FTP works through a NAT is because the NAT has already 
> been hacked up to further mangle the data stream to make up for the 
> mangling it does.

Speaking of should-have-died-years-ago.  FTP fits that category well. ;)

> I'm told that IPSEC through a NAT can be interesting too...  And that's
> something I'm also told some corporations are interested in.

NAT traversal for ipsec was sorted out more than a few years ago with 3 or 
4 different methods in play.   I dropped out of that market about the time 
it came to light, but as an ipsec end user I haven't had NAT problems going 
back as far as 2006 for sure, possibly further.


(the original problem was that only 1 user behind 1 IP could speak ipsec 
because it uses a specific protocol, not a port, that can only be 1-to-1. 
I'll leave it as an exercise for the reader to figure out how that was magiced 
around without requiring the NAT devices to do anything.  and ssl doesn't 
count. :)


--
david raistrick        http://www.netmeister.org/news/learn2quote.html
drais at icantclick.org             http://www.expita.com/nomime.html
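
Added example, not part of the original post: one standardized way around the protocol-not-port problem described above is UDP encapsulation of ESP (RFC 3948), which carries IKE and ESP inside UDP port 4500 so an ordinary port-translating NAT has a port to rewrite. The sketch below classifies the payload of a port-4500 datagram the way a receiver or a packet-inspection rule has to; the function name and the sample packets are constructed for illustration.

```python
import struct

NATT_PORT = 4500        # UDP port shared by IKE and UDP-encapsulated ESP (RFC 3948)
IKE_HEADER_LEN = 28     # fixed IKE header: 2 x 8-byte SPI, 4 single bytes, 2 x uint32

def classify_natt_payload(payload: bytes) -> dict:
    """Classify the UDP payload of a port-4500 datagram (hypothetical helper)."""
    # NAT-keepalive: exactly one octet of 0xFF, sent only to keep the NAT mapping alive.
    if payload == b"\xff":
        return {"kind": "nat-keepalive"}
    if len(payload) < 4:
        return {"kind": "invalid", "reason": "too short for SPI or non-ESP marker"}
    (first_word,) = struct.unpack("!I", payload[:4])
    if first_word == 0:
        # Non-ESP marker: four zero octets, then a normal IKE message.
        ike = payload[4:]
        if len(ike) < IKE_HEADER_LEN:
            return {"kind": "invalid", "reason": "truncated IKE header"}
        init_spi, _resp_spi, _next, version, exchange, _flags, _msg_id, length = \
            struct.unpack("!8s8sBBBBII", ike[:IKE_HEADER_LEN])
        return {"kind": "ike",
                "initiator_spi": init_spi.hex(),
                "version": f"{version >> 4}.{version & 0x0F}",
                "exchange_type": exchange,
                "length": length}
    # Anything else is ESP: a non-zero SPI followed by the sequence number.
    if len(payload) < 8:
        return {"kind": "invalid", "reason": "truncated ESP header"}
    spi, seq = struct.unpack("!II", payload[:8])
    return {"kind": "esp", "spi": spi, "seq": seq}

# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "keepalive": b"\xff",
    "ike": b"\x00" * 4 + struct.pack("!8s8sBBBBII",
                                     bytes.fromhex("1122334455667788"), b"\x00" * 8,
                                     0, 0x20, 34, 0x08, 0, IKE_HEADER_LEN),
    "esp": struct.pack("!II", 0xC0FFEE01, 7) + b"\x00" * 16,
    "short_esp": b"\x00\x00\x01\x00\x00",
}

def classify_samples() -> dict:
    """Run the classifier over every constructed sample."""
    return {name: classify_natt_payload(data) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in classify_samples().items():
        print(f"{name:10s} {result}")
```

Because each inside host's tunnel arrives at the NAT as a UDP flow with its own source port, several hosts behind one address can be told apart, which raw ESP (IP protocol 50, no ports) does not allow.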




