Masataka Ohta wrote:
>
> Martin Rex wrote:
> >
> >> According to your theory, a universal NAT traversal protocol
> >> should already exist.
> >
> > Correct. It is called the HTTP CONNECT method.
>
> If, with your definition of "traversal", tunneling is a form
> of traversal, tunneling by IPSEC is a standard firewall
> traversal protocol and is much better than HTTP CONNECT
> because of UDP.

Not quite. Tunneling needs matching configurations on both ends,
and that rarely works, in particular on a global scale with peers
you do not know a priori.

In the general case you have only control (and can modify) the
behaviour of your endpoints and nearby middle boxes on your side
of the network, and the other side is either accessible or not.

Home DSL routers usually do NAT. For outgoing connections, they're
transparent. For incoming connections, it is either possible to
configure static mappings (external->internal) or there might be
some dynamic configurability through UPnP. UDP included.

-Martin