- I don't believe the protocol works with NATs using global addresses on both sides (yes, this is a stupid way to use NATs but one can say that using NATs is already stupid :-)
If you mean "non-private" on both sides, there is a very good reason for such NATs (well, if you believe that there is any reason for NATs). You have a Class C from your ISP and have hard-wired values in dozens of boxes, have gotten certificates for some of the IP addresses, have hard-wired the IP address in other places, and so on. One day they call and say "we've changed your IP range just because we can". Tossing everything behind a NAT using the old addresses keeps everything working until you can handle the transition.
--Paul Hoffman, Director
--VPN Consortium
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf