> To me the biggest problem here, is the common situation such that companies
> have separate (and necessary) Internet and Remote Access firewalls. RA
> firewalls exist in multiple global locations within an enterprise.
>
> Multiple instances of the same Private addresses would enter (or exit) the
> enterprise network via Private lines from different companies if not for
> careful configuration management across and negotiation between "NAT
> Administrators", within the enterprise, and between enterprises. The most
> difficult part is the negotiation with client/vendor site NAT Admins as to
> who should NAT which addresses into which addresses. We often need to
> negotiate between 3 RA connected companies. Not only is this painful, but
> one can never sleep comfortably, knowing that a NAT Admin at a 3rd company
> will not make a mistake and connect someone new at our NATed address.
>
> There are not enough Private Addresses to go around.
This sounds to me like more of an argument why private addresses
should be used on networks connected to public networks. It is not
an argument for more private networks but for the move to IPv6 and
the banning of NATs.
Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]
