[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipsec
Subject:    Re: IPSEC and NAT
From:       Karl Fox <karl () Ascend ! COM>
Date:       1997-08-19 22:22:37
[Download RAW message or body]

Yan-Fa LI writes:
> Why not push the problem out to the individual hosts ?  Have the hosts
> have virtual network interfaces that appear to be on the
> Internal/Virtual network, just like PPP.  This avoids many of the
> inherent problems of NAT.  I remember that Bellovin and Cheswick wrote a
> paper on just this idea some years ago.

Because NAT-in-a-box requires one currently available box, while doing
the virtual network interface on every desktop requires currently
unavailable software on every desktop.
-- 
Karl Fox, servant of God, employee of Ascend Communications
655 Metro Place South, Suite 370, Dublin, Ohio  43017   +1 614 760 4041

[prev in list] [next in list] [prev in thread] [next in thread]