From owner-freebsd-questions Thu Mar 15 00:02:39 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from smtppop2pub.verizon.net (smtppop2pub.gte.net [206.46.170.21]) by hub.freebsd.org (Postfix) with ESMTP id 4080637B719; Thu, 15 Mar 2001 00:02:32 -0800 (PST) (envelope-from res03db2@gte.net)
Received: from gte.net (evrtwa1-ar4-4-34-145-186.dsl.gtei.net [4.34.145.186]) by smtppop2pub.verizon.net with ESMTP ; id MAA110143109 Tue, 13 Mar 2001 12:56:47 -0600 (CST)
Received: (from res03db2@localhost) by gte.net (8.9.3/8.9.3) id KAA59416; Tue, 13 Mar 2001 10:49:28 -0800 (PST) (envelope-from res03db2@gte.net)
Date: Tue, 13 Mar 2001 10:49:27 -0800
From: Robert Clark
To: Ted Mittelstaedt
Cc: Bob Van Valzah, pW, FreeBSD-Security@FreeBSD.ORG, FreeBSD-Questions@FreeBSD.ORG
Subject: Re: Racoon Problem & Cisco Tunnel
Message-ID: <20010313104927.A59404@darkstar.gte.net>
References: <3AACF40D.4080504@Talarian.Com> <000801c0ab8b$81d99ca0$1401a8c0@tedm.placo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.4i
In-Reply-To: <000801c0ab8b$81d99ca0$1401a8c0@tedm.placo.com>; from tedm@toybox.placo.com on Mon, Mar 12, 2001 at 11:02:03PM -0800
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Ted, do you know of any online guidelines to writing protocols that function well with NAT? Or maybe a list of protocols that don't work well with NAT?

Thanks,

[RC]

On Mon, Mar 12, 2001 at 11:02:03PM -0800, Ted Mittelstaedt wrote:
> >-----Original Message-----
> >From: owner-freebsd-questions@FreeBSD.ORG
> >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Bob Van Valzah
> >Sent: Monday, March 12, 2001 8:07 AM
> >To: pW
> >Cc: FreeBSD-Security@FreeBSD.ORG; FreeBSD-Questions@FreeBSD.ORG
> >Subject: Re: Racoon Problem & Cisco Tunnel
> >
> >
> >Yes. The five DSL setups with which I'm familiar all grant at least one
> >public address per house. I believe all are static, but one might be
> >dynamic. Interference with protocols like IPSec is one of the reasons
> >why I'd make a public address a requirement when choosing a DSL
> >provider. When it comes to NAT, I'm with Vint Cerf--avoid it if at all
> >possible. Let's hasten the deployment of IPv6.
> >
>
> -snip-
>
> NAT has proven itself reliable and vital and idiot engineers that design TCP
> protocols that assume everyone has a public IP number are just architecting
> their own failures, and their protocol's subsequent minimizing by the
> market. I have some sympathy for protocols like IPSec that came to be
> during the same time - but organizational-to-organizational IPSec tunnels
> don't have to pass through the NAT - they can terminate on it. But, anyone
> doing a new protocol today is a fool if it can't work through a NAT.
>
>
>
> Ted Mittelstaedt tedm@toybox.placo.com
> Author of: The FreeBSD Corporate Networker's Guide
> Book website: http://www.freebsd-corp-net-guide.com

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
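As an added illustration of the "interference with protocols like IPSec" the thread mentions (example code, not from any poster here): a toy model of IPsec AH, whose integrity check covers the immutable source address, so a NAT that rewrites that address invalidates every packet, while an ordinary router hop (which only decrements the mutable TTL) does not. The packet structure, key and addresses are constructed for the demo; it is a simplification of the real AH header coverage.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, replace

# Constructed, simplified IPv4 packet carrying an AH-style integrity check value (ICV).
# Real AH covers more header fields; the behaviour shown is the same.
@dataclass(frozen=True)
class Packet:
    src: str       # dotted-quad source address (immutable in transit)
    dst: str       # dotted-quad destination address (immutable in transit)
    ttl: int       # mutable in transit: every router decrements it
    payload: bytes
    icv: bytes = b""

def _ip(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))

def ah_input(pkt: Packet) -> bytes:
    """Bytes covered by the AH integrity check. Mutable fields (here: TTL) are
    counted as zero, as RFC 2402 prescribes; the source address is covered."""
    return _ip(pkt.src) + _ip(pkt.dst) + struct.pack("!B", 0) + pkt.payload

def ah_sign(pkt: Packet, key: bytes) -> Packet:
    return replace(pkt, icv=hmac.new(key, ah_input(pkt), hashlib.sha256).digest())

def ah_verify(pkt: Packet, key: bytes) -> bool:
    expected = hmac.new(key, ah_input(pkt), hashlib.sha256).digest()
    return hmac.compare_digest(expected, pkt.icv)

def router_hop(pkt: Packet) -> Packet:
    """A plain router only touches mutable fields."""
    return replace(pkt, ttl=pkt.ttl - 1)

def nat_hop(pkt: Packet, public_addr: str) -> Packet:
    """A NAT additionally rewrites the immutable source address on the way out."""
    return replace(router_hop(pkt), src=public_addr)

KEY = b"constructed-demo-key"  # shared between the two IPsec peers in this toy

def demo() -> dict:
    """Sign a packet on the private side and check it after each kind of hop."""
    inside = ah_sign(Packet("192.168.1.10", "203.0.113.5", 64, b"hello"), KEY)
    return {
        "after_router": ah_verify(router_hop(inside), KEY),            # True
        "after_nat": ah_verify(nat_hop(inside, "198.51.100.7"), KEY),  # False
    }

if __name__ == "__main__":
    print(demo())
```

This is why, as Ted notes, an IPsec tunnel that terminates on the NAT device itself works fine: the address rewrite happens before signing on the way out and after verification on the way in.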