Two VLANs, One Subnet

Corey Edwards tensai at zmonkey.org
Fri Mar 9 23:57:49 MST 2007


On Thu, 2007-03-08 at 23:32 -0700, Michael Torrie wrote:
> On Thu, 2007-03-08 at 22:06 -0700, Hans Fugal wrote:
> > Absolutely not. NAT is out of the question. NAT always causes more
> > problems than it solves, even in enterprise. In enterprise, you have
> > full-time sysadmins to go around chasing NAT issues and keeping a
> > semblance of normalcy. I know, I used to be one. I will set my network
> > up and just let it run. I will not be a slave to NAT.
> 
> I disagree.  Static one-to-one NAT (think of it as a layer 3 bridge) is
> clean and effective.  You do just set it up once and let it run.  No
> one's a slave to anything.  Once you introduce dynamic NATing, then,
> yes, you will likely have problems.  I have never had to chase down NAT
> problems.  It just works.  What problems have you observed?

Yes, NAT is definitely better than PAT but I'm still not sold. I'd be
interested in your opinion of why that's any better than using normal IP
addresses with a good set of firewall policies. The only decent one I
can think of is saving IP addresses, but I like to ignore that one in
the vain hope that someday IP addresses will be doled out in large
quantities.

Corey




