James Knott wrote:
Per Jessen wrote:
Sure, if you're not interested in what happens in the not to distant
future.
I'm primarily interested in the bottom line; what happens in the near future might well affect that, but I don't see it affecting my use of NAT on my local networks.
You have a new customer, who finds they can only get a NAT address from the ISP. They also want VPN access to their network. How would you arrange that?
Impossible for you to know, but my customers networks are none of my concern. Regardless, what you're asking is impossible unless you've got at least one routable IP for that customer.
If they get a real IP address and use NAT internally, you could still run a VPN to their firewall, but what if they want to have VPNs directly to computers behind their firewall? Now things start to get messy.
A bit far fetched I think, but it's up the customer to sort out, not me.
As I've mentioned in another note, NAT rules out IPSecauthentication headers. This means that even if a company has a real address, where the vpn terminates and you want to connect from home, where you use NAT, you can't use that security feature.
Correct. Still doesn't affect _my_ bottom line.
Perhaps NAT is fine for you right now, but what happens tomorrow when you want to use something that fails with NAT?
If it's mission critical, I'll sort it out when the time comes. -- Per Jessen, Zürich (19.6°C) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org