* Fergie: > I disagree with your statement on NAT end-points not being "publicly > accessible" -- that's certainly not true, and a myth that needs to be > finally killed.
>From a security point of view, they are still accessible. From an operational point of view, they are not, at least not on the original IP layer, and if you aren't using 1:1 NAT. Nevertheless, I think that the "publicly accessible" criterion is flawed because it is too murky. But something similar is necessary to implement the corporate networks exception.