Great Circle Associates Firewalls
(September 1994)

Subject: Non-registered access
From: padgett @ tccslr . dnet . mmc . com (A. Padgett Peterson, P.E. Information Security)
Date: Wed, 28 Sep 94 12:03:32 -0400
To: "firewalls @ greatcircle . com"@UVS1.dnet.mmc.com

>I have a client who has an IP network based on a non-registered B class
>address.  They wish to connect to the Internet and can either:

The easiest mechanism would be to use a translating system to exchange internal
IP addresses for external ones. If inward access is needed, those machines
will have to have fixed assigned addresses. For outward addresses, the
assignments could be on a dynamic "as needed" basis from a pool.

This has two advantages:
1) The internal addresses do not have to change
2) Some slight security is added since inside addresses are useless on the
   outside and there can be a single controlled translation point.

If the inside addresses map easily (through logic rather than a table) then
performance would not be impacted. If not, the size of the table/power of
the translator could come into question.

The other alternative would be to use a proxy host for both inward and outward
access. This is not as good since it must be sized to handle actual sessions
rather than just packet header modification and would be less convenient
to use. Nonetheless this would allow better access control so long as it
could be trusted.

					Just some thoughts,
							Padgett
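
The translation scheme Padgett sketches, as an added example that is not part of the original post: a single translation point with fixed mappings for hosts that must be reachable from outside and a pool handed out on demand for everything else. All addresses (172.16.0.0/16 standing in for the unregistered class B, 203.0.113.x for the registered pool) are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str  # source IP, as text
    dst: str  # destination IP, as text

class AddressTranslator:
    """One controlled translation point between an unregistered inside block
    and a small pool of registered outside addresses."""

    def __init__(self, inside_net, static_map, dynamic_pool):
        self.inside_net = ipaddress.ip_network(inside_net)
        self.static = dict(static_map)   # inside -> outside, fixed (reachable inbound)
        self.free = list(dynamic_pool)   # outside addresses not yet handed out
        self.dynamic = {}                # inside -> outside, assigned on demand
        self.reverse = {o: i for i, o in self.static.items()}  # outside -> inside

    def outbound(self, pkt):
        """Rewrite the source of an inside->outside packet; None means drop."""
        if ipaddress.ip_address(pkt.src) not in self.inside_net:
            return None                  # only inside hosts are translated
        ext = self.static.get(pkt.src) or self.dynamic.get(pkt.src)
        if ext is None:
            if not self.free:
                return None              # pool exhausted: drop, never leak inside addr
            ext = self.free.pop(0)
            self.dynamic[pkt.src] = ext
            self.reverse[ext] = pkt.src
        return Packet(ext, pkt.dst)

    def inbound(self, pkt):
        """Rewrite the destination of an outside->inside packet; None means drop."""
        inside = self.reverse.get(pkt.dst)
        return None if inside is None else Packet(pkt.src, inside)

def demo():
    # Constructed addresses: 172.16.0.0/16 stands in for the client's class B,
    # 203.0.113.x for the registered pool, 198.51.100.1 for an Internet host.
    t = AddressTranslator("172.16.0.0/16", {"172.16.1.10": "203.0.113.10"},
                          ["203.0.113.50", "203.0.113.51"])
    out = t.outbound(Packet("172.16.7.3", "198.51.100.1"))
    reply = t.inbound(Packet("198.51.100.1", out.src))
    stray = t.inbound(Packet("198.51.100.1", "172.16.7.3"))  # inside addr from outside
    return out.src, reply.dst, stray
```

The last call shows the "inside addresses are useless on the outside" point: a packet addressed to an internal address from outside has no mapping and is dropped.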

