Re: Distributing site-wide RFC 3484 policy

[Arifumi Matsumoto <arifumi@nttv6.net>]

Jun-ichiro itojun Hagino wrote:
> > > 	as i mentioned previously, VPN is about how to
> > > 	- encrypt/authenticate communication with your laptop and your
> > > 	  organization (like IBM)
> > > 	- and pretend that you are inside your organization network
> > >
> > > 	there's no real point in using, or requiring, ULA for this.
> > > 	you can just use IBM PI or PA for the IPv4/v6 address inside the
> > > 	IPsec tunnel.  i wonder what Apple corporate VPN is using - i guess
> > > 	it would be within 17.0.0.0/8.
> > Please think about a case like you wanna use the Internet at home and at 
> > the same time the enterprise network via VPN connection.
> > The address you get from the latter network is IPv6 global address but 
> > its scope is limited to the enterprise network.
>
> 	so do you mean that your enterprise does not have external connectivity?

External connectivity isn't necessarily available for VPN users,
because VPN connection is usually for retrieving resources in
enterprise network like e-mail and web pages.
Even if it's available, you may not love to use degraded-quality
connectivity instead of not degraded one.

> 	how do you use Google from your enterprise, for instance?

We are told to use home-made search engine, instead of Google ;)