At my Univ., networks extension are also not allowed. Why? Mainly due to the complexity of tracking down a host involved in copyright issues (DMCA) and inforcing NAC at a granular level (porting off a single student vs every student sitting behind a NAT device).

Unless a VM with NAT is setup and users are allowed to RDEP/SSH into it as point of egress through the routable IP, I would say this is not a network extension in the spirit of our policy.