> Melinda Shore <mshore@cisco.com> writes:
> > > What applications that people want to run--and the IT managers would
> > > want to enable--are actually inhibited by NAT? It seems to me that
> > > most of the applications inconvenienced by NAT are ones that IT
> > > managers would want to screen off anyway.
> >
> > Not really. For example, ftp as originally defined doesn't
> > work through NATs, and no standard VoIP or multimedia
> > conferencing protocol works through NAT.
> None of these things worked real well through firewalls either,
> which is sort of my point.

This certainly has not been my experience. All of my equipment is behind a firewall, but I have two sets of IP addresses - a small set of carefully hoarded global addresses and a much larger set of NATed addresses. Whenever I add something (which it seems is often) I first try it with a NATted address. If that doesn't work I am forced to switch it to a global address. All too often (VoIP phone, video conferencing, file sharing, etc.) I am forced to switch to a global address before things work properly.

The firewall, on the other hand, has only been a problem once, and that was because of an unfortunate lack of flexibility in its handling of a fairly unusual setup involving FTP. A patch readily solved the problem.

NAT being an issue hasn't escaped the notice of vendors. My VoIP phone's documentation discussed NAT problems at some length, but the proposed solution -- use a specific NAT product that has been gimmicked to work correctly -- isn't always a viable option.

Ned