Mailinglist Archive: opensuse (1837 mails)

< Previous Next >
Re: [opensuse] Moving to IPv6
  • From: James Knott <james.knott@xxxxxxxxxx>
  • Date: Sat, 11 Sep 2010 07:37:37 -0400
  • Message-id: <4C8B6A01.9020607@xxxxxxxxxx>
Per Jessen wrote:
Sure, if you're not interested in what happens in the not to distant
> future.
I'm primarily interested in the bottom line; what happens in the near
future might well affect that, but I don't see it affecting my use of
NAT on my local networks.

You have a new customer, who finds they can only get a NAT address from the ISP. They also want VPN access to their network. How would you arrange that? If they get a real IP address and use NAT internally, you could still run a VPN to their firewall, but what if they want to have VPNs directly to computers behind their firewall? Now things start to get messy. As I've mentioned in another note, NAT rules out IPSecauthentication headers. This means that even if a company has a real address, where the vpn terminates and you want to connect from home, where you use NAT, you can't use that security feature.

Perhaps NAT is fine for you right now, but what happens tomorrow when you want to use something that fails with NAT?
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
This Thread
Follow Ups