> I really really REALLY dislike IPSec because it does not work > well with NAT(IPSec and PPTP were designed in such a way that > they don't work well with NAT). That is not a reason to dislike IPsec; it is a reason to dislike NAT. NAT is a nasty kludge designed to work around the fact that IPv4 has too small an address space for modern Internetworking needs. That said, I use NAT at home, because I can only get a single IP address. Just run IPsec on the NAT box and don't worry about the other nasty kludges like the Cisco thing. Either that or use IPv6, where there is no need for NAT or masquerading or anything like that. > I have gone into more details on this list several times in > the past, so try checking the archives if you would like more > evidence on why I really despise IPSec for VPNs. > > It's great for intra-network communications where both systems > are on the same subnet though. ... And ideal for subnet-to-subnet or host-to-subnet inter-network VPNs. Its standards-based nature means that it can be made to work with products by numerous other vendors, which is incredibly useful if you need to run a VPN to to a remote site like an office or school. noah -- _______________________________________________________ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html
Attachment:
pgp5uP_t1QwgQ.pgp
Description: PGP signature