[c-nsp] *** GMX Spamverdacht *** RE: IPSEC over NAT - what am I missing?
David Barak
thegameiam at yahoo.com
Sat Jan 26 19:46:08 EST 2013
On Jan 26, 2013, at 3:35 PM, Nick Hilliard <nick at foobar.org> wrote:
> On 26/01/2013 19:47, Garry wrote:
>> turns out after all that the AH seems to be the cause of the problem
>
> Personally, I would be very happy if AH disappeared because it does nothing
> except cause trouble.
>
> Nick
And again, I'll mention that there are those of us who specifically *rely* on AH breaking NAT, so that we can demonstrate that NAT has not occurred across specific non-Internet IP infrastructures. It's a corner case, but a valid corner case, especially in the world of security. AH is useful enough for a small number of people to be preserved.
David Barak
Sent from a mobile device, please forgive autocorrection.
More information about the cisco-nsp
mailing list