[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Remote access from NAT domains
This behaviour is documented at
Beauty with out truth is insubstantial.
Truth without beauty is unbearable.
> -----Original Message-----
> From: owner-ietf-ipsra@xxxxxxxxxxxxx
> [mailto:owner-ietf-ipsra@xxxxxxxxxxxxx]On Behalf Of Scott G. Kelly
> Sent: Friday, April 14, 2000 1:29 PM
> To: Mike Borella
> Cc: W. Mark Townsley; Jim Tiller; ietf-ipsra@xxxxxxxx
> Subject: Re: Remote access from NAT domains
> Mike Borella wrote:
> > I believe that the Linux NAT guesses SPI to host mappings.
> Supposedly this
> > works reasonably well in some situations, though it is
> admittedly not robust.
> > And there always is RSIP, which allows translation
> transparency and IPSEC at the
> > cost of
> > a little more work on the part of the host and gateway.
> > -Mike
> Yes, I have used the linux nat implementation in this manner.
> I think it
> only has problems if 2 hosts behind the box use the same spi
> (not likely
> if they use random spi's).
> Does anyone have any sense of when we will begin to see
> commercial rsip