North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Block all servers?

  • From: Kee Hinckley
  • Date: Tue Oct 14 14:37:52 2003

At 6:30 PM +0200 10/14/03, Stefan Mink wrote:
On Sat, Oct 11, 2003 at 08:28:11AM -0700, ken emery wrote:
 > I use IPSEC and it works fine behind NAT.

 Yes, it does work, on a small scale.  However what if your neighbor
 wants to IPSEC to the same place (say you work at the same place).
 If both of you are NAT'd from the same IP address trying to IPSEC
 to the same IP address?  I don't believe things will work in this
 instance.
why not? We use it here, works fine (with certificates for auth).
From what I've seen it depends on whether the NAT has specific support for IPSEC, and if that support includes support for multiple clients. The NAT box has to keep track of the mapping. I've seen NATs priced based on how many VPN clients they support at a time.

See http://www.dslreports.com/faq/4638
--
Kee Hinckley
http://www.messagefire.com/ Next Generation Spam Defense
http://commons.somewhere.com/buzz/ Writings on Technology and Society

I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.