NAT Overview
NAT Functionalities
Many-to-many NAT and NAT control
As depicted in Figure 526, when an internal network user accesses an external
network, NAT uses an external or public IP address to replace the original internal
IP address. In Figure 526, this address is the outbound interface address (a public
IP address) of the NAT gateway. This means that all internal hosts use the same
external IP address when accessing external networks. In this scenario, only one
host is allowed to access external networks at a given time. Hence, it is referred to
as “one-to-one NAT”.
Another form of NAT solves this problem by allowing the NAT gateway to have
multiple public IP addresses. When the first internal host accesses external
networks, NAT chooses a public IP address for it, records the mapping between
the two addresses and transfers data packets. When the second internal host
accesses external networks, a similar process happens, but this time another public
IP address is used, and so on for the remaining internal hosts. In this way, multiple
internal hosts can access the external networks simultaneously. This type of NAT is
called “many-to-many NAT”.
Note: The number of public IP addresses a NAT gateway has is far less than the number
of internal hosts, because not all internal hosts will access the external networks at
the same time. The number of necessary public IP addresses should be determined
based on the statistics on the number of the hosts that might access external
networks during peak time.
In practice, an enterprise may need to allow some internal hosts to access external
networks while prohibiting others. This can be achieved through the NAT control
mechanism. If a source IP address is among those addresses that have been denied
access to external networks, the NAT gateway will not translate this address.
Many-to-many NAT is implemented by defining an address pool, whereas NAT control
is implemented through ACLs.
■ Address pool: a set of consecutive public IP addresses intended for address
translation. The address pool should be configured according to the number of
legal IP addresses, the number of internal hosts, and the actual network
requirements. The NAT gateway will select an address from the address pool
and use it as the source public IP address during address translation.
■ NAT control through ACLs: NAT is only applied to the packets that match the
ACL rules. This makes the use of NAT more flexible.
NAPT
Another form of NAT is network address port translation (NAPT for short). NAPT
allows multiple internal addresses to be mapped to the same external public IP
address, namely “multiple-to-one NAT”, or “address multiplexing”.
The destination addresses of the packets from different internal hosts are mapped
to the same external IP address but with different port numbers. In other words,
NAPT maps the combination of a private IP address and a port number to the
combination of a public IP address and a port number.
Figure 527 depicts an NAPT process.
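The address pool, ACL-based NAT control and NAPT port mapping described above can be modelled in a few lines; this is an added example, not code or configuration from the manual or the device. The class name, the sample addresses, and the choice to hand out NAPT ports sequentially from 1024 on the first pool address are assumptions made for illustration.

```python
import ipaddress

class NatGateway:
    """Toy model of the behaviours described above (hypothetical, not device code)."""

    def __init__(self, pool, permitted, napt=False, first_port=1024):
        self.pool = list(pool)                 # public addresses used for translation
        self.permitted = [ipaddress.ip_network(n) for n in permitted]  # ACL permits
        self.napt = napt
        self.next_port = first_port            # assumption: sequential port allocation
        self.table = {}                        # internal key -> public mapping

    def translate(self, src_ip, src_port):
        """Return (public_ip, public_port) for an outbound packet, or None."""
        addr = ipaddress.ip_address(src_ip)
        if not any(addr in net for net in self.permitted):
            return None                        # NAT control: source is not translated
        if self.napt:
            key = (src_ip, src_port)           # NAPT maps IP+port to IP+port
            if key not in self.table:
                self.table[key] = (self.pool[0], self.next_port)
                self.next_port += 1
            return self.table[key]
        if src_ip not in self.table:           # many-to-many: one public IP per host
            free = [a for a in self.pool if a not in self.table.values()]
            if not free:
                return None                    # pool smaller than concurrent hosts
            self.table[src_ip] = free[0]
        return (self.table[src_ip], src_port)

# Constructed sample addresses (RFC 1918 inside, documentation range outside).
POOL = ["203.0.113.10", "203.0.113.11"]
ACL = ["10.1.1.0/24"]

def demo():
    m2m = NatGateway(POOL, ACL)
    napt = NatGateway(POOL[:1], ACL, napt=True)
    return {
        "host1": m2m.translate("10.1.1.5", 40000),
        "host2": m2m.translate("10.1.1.6", 40000),
        "host3": m2m.translate("10.1.1.7", 40000),   # third host, two-address pool
        "denied": m2m.translate("10.1.2.9", 40000),  # source outside the ACL
        "napt1": napt.translate("10.1.1.5", 40000),
        "napt2": napt.translate("10.1.1.6", 40000),  # same public IP, new port
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The `table` dictionary is the mapping the text says the gateway records; it is also the only record that ties an external address and port back to an internal host, which is why translation logs matter when attributing outbound traffic.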