Valdis, > Valdis Kletnieks wrote: > If it doesn't work through a firewall, it's because the > firewall is doing what you ASKED it to do - block certain > classes of connections. I'm sorry but it is nothing near being that simple. Although if it does not work through a firewall, it MAYBE because the firewall does block a class of traffic (more likely because someone forgot to punch the right hole), there are _plenty_ of other reasons why it does not work through a firewall, one of the top ones being asymmetric traffic when there is more than one exit point and the firewall hard state not being distributed. > Melinda Shore <mshore@cisco.com> writes: > None of these things worked real well through firewalls > either, which is sort of my point. Melinda's point is perfectly valid. To quote Brian Carpenter, state is evil and distributed state is worse. Unfortunately, they are part of the network engineer's life. Michel.