Our Cisco 30xx *did* NAT transparency.  Our users behind NAT had no 
trouble connecting to it.

  Our user on ComCast could not establish a connection to it.  Their 
AUP said their users couldn't use VPNs, and they configured their 
network to try to prevent it -- successfully, in the case of our NAT-
transparent unit.

  Your description of how NAT-transparency works doesn't sound right. 
Your claim that it solves *this* issue is WRONG.

DG


On 27 Nov 2001, at 8:16, Daniel Ashley wrote:

> By using NAT transparency it shoves it out port 80 instead of 1723 & 500.
> So using NAT transparency as a work-around is relevant to them blocking
> useful ports.
> 
> Daniel
> 
> 
> 
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> [EMAIL PROTECTED]
> Sent: Monday, November 26, 2001 10:55 PM
> To: [EMAIL PROTECTED]
> Subject: Re: ISPs that don't allow IPSEC protocol thru
> 
> 
>   I believe it was actually ComCast, a reseller of @home cable
> service.  I believe they block GRE and perhaps also ports used by
> IKE; this has nothing to do with NAT.
>   They also clearly include VPN usage as prohibited by their AUP,
> along with bandwidth reselling and other commercial uses.  So their
> network policy of blocking this traffic is enforcement of a written
> policy by which users are (allegedly) already bound.
> 
> DG
> 
> 
> On 26 Nov 2001, at 17:27, Ron DuFresne wrote:
> 
> >
> > I recall a year or two ago road runner announcing they prohibit ipsec and
> > other security tunnels from their user accounts, they consider such
> > connections other then mere home user accounts and looked to be pucshing
> > for a tad more cash from those 'business' accounts.
> >
> > Thanks,
> >
> > Ron DuFresne
> >
> > On Mon, 26 Nov 2001 [EMAIL PROTECTED] wrote:
> >
> > > Does anyone know where I can find a list of ISP's that DOESN'T let the
> IPSEC protocol thru?  The reason I ask is that my users are asking who they
> can use for VPN's and who they can't.  I am working for a global company, so
> I can't just check with the local ISP's, cause we have workers all
> over the world.
> > >
> > > Thanks in advance for your help
> > >
> > > _______________________________________________
> > > Firewalls mailing list
> > > [EMAIL PROTECTED]
> > > http://lists.gnac.net/mailman/listinfo/firewalls
> > >
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > "Cutting the space budget really restores my faith in humanity.  It
> > eliminates dreams, goals, and ideals and lets us get straight to the
> > business of hate, debauchery, and self-annihilation." -- Johnny Hart
> >     ***testing, only testing, and damn good at it too!***
> >
> > OK, so you're a Ph.D.  Just don't touch anything.
> >
> > _______________________________________________
> > Firewalls mailing list
> > [EMAIL PROTECTED]
> > http://lists.gnac.net/mailman/listinfo/firewalls
> 
> 
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
> 


_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls

Reply via email to