On Wed, 18 Jun 2003 16:06:08 PDT, Eric Rescorla said:
> Melinda Shore <mshore@cisco.com> writes:
> > Not really. For example, ftp as originally defined doesn't
> > work through NATs, and no standard VoIP or multimedia
> > conferencing protocol works through NAT.
> None of these things worked real well through firewalls either,
> which is sort of my point.

There's a *crucial* distinction here:

If it doesn't work through a firewall, it's because the firewall is doing what you ASKED it to do - block certain classes of connections.

If it doesn't work through a NAT, it's because the NAT is FAILING to do what you asked it to do - allow transparent connections from boxes behind the NAT.

Unless of course you're deploying NAT for some reason *OTHER* than transparent connections? Are you trying to get your money's worth because you paid for the extra-deluxe "works most of the time but breaks some apps" version? Or is the only reason you have NAT at all because you bought some vendor's "connection appliance in a box" that proceeded to NAT you regardless of your desires?