With the proliferation of IPv6 I hear more and more often that NAT is a great security mechanism because it hides your intranet infrastructure from outsiders, and how unfit IPv6 is for enterprise networks because it lacks the notion of NAT which makes IPv6 networks so very very much insecure.
Do you have good conter-arguments?
Indeed, in some corporate networks I've seen, the use of the RFC1918 address space is written into security guidelines as a requirement.
Then again, as I come to think of it, even if your IPv6 intranet has a good firewall on the border, your internal network addresses are still exposed to the Internet. Is that a problem?
