On Mon, 2004-09-27 at 16:53, Paul Hoffman / VPNC wrote: > At 12:27 PM +0200 9/27/04, Francis Dupont wrote: > > - I don't believe the protocol works with NATs using global addresses > > on both sides (yes, this is a stupid way to use NATs but one can say > > that using NATs is already stupid :-) > > If you mean "non-private" on both sides, there is a very good reason > for such NATs (well, if you believe that there is any reason for > NATs). You have a Class C from your ISP and have hard-wired values in > dozens of boxes, have gotten certificates for some of the IP > addresses, have hard-wired the IP address in other places, and so on. > One day they call and say "we've changed your IP range just because > we can". Tossing everything behind a NAT using the old addresses > keeps everything working until you can handle the transition. > > --Paul Hoffman, Director > --VPN Consortium As a "Director" (of what that may be) you probably also know of these papers called 'contracts'. Thus make sure you have that sort of stuff in your contract. There was a couple of months ago even some weird company who abused their network and then got disconnected and almost got the court to let them keep their addresses... Not a technical issue and thus irrelevant. Greets, Jeroen
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf