Re: MBONE access?


 



Most of the NAT boxes allow you to use IPv6. There are several protocols that allow it.

The simpler one: http://www.rfc-editor.org/cgi-bin/iddoctype.pl?letsgo=draft-palet-v6ops-proto41-nat-03

Regards,
Jordi

----- Original Message ----- 
From: "Hallam-Baker, Phillip" <pbaker@xxxxxxxxxxxx>
To: "'Jeroen Massar'" <jeroen@xxxxxxxxx>; "Hallam-Baker, Phillip" <pbaker@xxxxxxxxxxxx>
Cc: <ietf-mxcomp@xxxxxxx>; <ietf@xxxxxxxx>
Sent: Thursday, March 04, 2004 10:44 AM
Subject: RE: MBONE access?


> > > Equally flawed and useless are the H.323 protocols that do not
> > > tunnel through NAT or even work with a firewall in a remotely 
> > > acceptable fashion.
> > 
> > NAT is the big bad dog here, that is what breaks the
> > end to end connectivity. <restart NAT war />
> 
> In case you had not noticed there are now tens of millions of NAT
> devices in use. End users are not going to pay $10 per month for
> an extra IP address when they can connect unlimited numbers of 
> devices to the net using a $40 NAT box.
> 
> The NAT war has been over for years, NAT won. The problem is that
> the IETF still has not come to terms with that fact.
> 
> The Internet was designed to be a network of networks. The core
> architecture is NOT end-to-end, that is a political shibboleth that
> has been imposed later.
> 
> The features of the Internet that work are the ones that work within
> the end-to-end model. The features that are failures are the ones
> where the end-to-end model is bogus.
> 
> The security world has long since realised that exclusive reliance
> on end-to-end security is bogus. I don't know of any serious security
> professionals who now claim that firewalls are bogus or that they 
> will go away as the myth has it. Perimeter security is here to stay.
> 
> In the case of H323 the problem is not just NAT, it is the deranged 
> protocol which uses a block of 3000 odd TCP/IP ports to receive
> messages on. There is no way that this is consistent with good
> firewall management - unless you go to some pretty sophisticated 
> additional control to open up and shut down the ports as required.
> 
> As for IPv6, the only feasible way to deploy it is by co-opting those
> NAT boxes.
> 
> Phill
> 





