Network Address Translation
December 2000
20 - 3
Port Address Translation
Normally, NAT maps each private address that needs to be routed to the outside network to a unique IP address
from the pool. However, it is possible for the global address pool to have fewer addresses than the number of
private addresses. In this case, you can configure the Foundry device to use Port Address Translation.
Port Address Translation maps a client’s IP address and TCP or UDP port number to both an IP address and a TCP
or UDP port number. In this way, the Foundry device can map many private addresses to the same public
address and use TCP or UDP port numbers to uniquely identify the private hosts.
NOTE: This type of feature is sometimes called Overloading an Inside Global Address.
In the example in Figure 20.1, the pool contains enough addresses to ensure that every host on the private
network can be mapped to an Internet address in the pool. However, suppose the enterprise implementing this
configuration has only 20 Internet addresses. For example, the pool might be 209.157.1.1/24 – 209.157.1.20/24.
In this case, the pool does not contain enough addresses to ensure that all the hosts in the private network can be
mapped to Internet addresses.
Without Port Address Translation, it is possible that the device will not be able to provide NAT for some hosts.
However, with Port Address Translation, the device can provide NAT for all the hosts by using a unique TCP or
UDP port number in addition to the IP address to map to each host. For example, the device can map the
following addresses:

Inside address      Outside address
10.10.10.2:6000     209.157.1.2:4000
10.10.10.3:6000     209.157.1.2:4001
10.10.10.4:6000     209.157.1.2:4002

NAT is mapping the same global IP address to three different private addresses along with their TCP or UDP
ports, but uses a different TCP or UDP port number for each private address to distinguish them. Notice that the
Port Address Translation feature does not attempt to use the same TCP or UDP port number as in the client’s
packet.
The way NAT deals with the client’s TCP or UDP port number depends on whether Port Address Translation is
enabled:
• Port Address Translation enabled – NAT treats the client’s IP address and TCP or UDP port number as a
  single entity, and uniquely maps that entity to another entity consisting of an IP address and TCP or UDP port
  number. The NAT entry the device creates in the NAT translation table therefore consists of an IP address
  plus a TCP or UDP port number. The device maintains the port type in the translation address:
  • If the client’s packet contains a TCP port number, the device uses a TCP port in the translation address.
  • If the client’s packet contains a UDP port, the device uses a UDP port in the translation address.
  The device does not try to use the same TCP or UDP port number for the untranslated and translated
  addresses. Instead, the device maps the client IP address plus the TCP or UDP port number to a unique
  combination of IP address plus TCP or UDP port number. When the device receives reply traffic to one of
  these hosts, NAT can properly translate the Internet address back into the private address because the TCP
  or UDP port number in the translation address uniquely identifies the host.
  To enable Port Address Translation, use the overload option when you configure the source list, which
  associates a private address range with a pool of Internet addresses. See “Configuring Dynamic NAT
  Parameters” on page 20-5.
• Port Address Translation disabled – The device translates only the client’s IP address into another IP address
  and retains the TCP or UDP port number unchanged.
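
The translation table described above, as an added example that is not part of the Foundry guide: a Python sketch of a PAT table that reproduces the three mappings shown and resolves reply traffic back to the private host. The class and method names, the 4000-4999 port range, the lowest-free-port allocation order, and the separate TCP and UDP port spaces are assumptions, not documented device behaviour.

```python
class PatTable:
    """Toy PAT table (hypothetical model, not the device's implementation).

    Maps (proto, inside ip, inside port) to (global ip, global port) and back.
    """

    def __init__(self, pool, first_port=4000, last_port=4999):
        self.pool = list(pool)          # global (Internet) addresses
        self.first_port = first_port    # assumed translated-port range
        self.last_port = last_port
        self.out = {}                   # inside tuple -> global tuple
        self.back = {}                  # global tuple -> inside tuple

    def translate_outbound(self, proto, inside_ip, inside_port):
        key = (proto, inside_ip, inside_port)
        if key in self.out:             # an existing flow keeps its entry
            return self.out[key]
        # Overload one global address fully before moving to the next one.
        for gip in self.pool:
            for gport in range(self.first_port, self.last_port + 1):
                gkey = (proto, gip, gport)   # port type is part of the entry
                if gkey not in self.back:
                    self.out[key] = (gip, gport)
                    self.back[gkey] = (inside_ip, inside_port)
                    return gip, gport
        raise RuntimeError("no free %s port left in the global pool" % proto)

    def translate_reply(self, proto, global_ip, global_port):
        # Reply traffic is translated only if an entry exists; otherwise None.
        return self.back.get((proto, global_ip, global_port))


def demo():
    """Three private hosts using the same source port share one global address."""
    pat = PatTable(["209.157.1.2"])
    hosts = ["10.10.10.2", "10.10.10.3", "10.10.10.4"]
    mappings = [pat.translate_outbound("tcp", h, 6000) for h in hosts]
    return pat, mappings


if __name__ == "__main__":
    table, mapped = demo()
    for (gip, gport) in mapped:
        print(gip, gport, "->", table.translate_reply("tcp", gip, gport))
```

The reverse lookup is also what lets an operator attribute an outside address and port seen in external logs to a specific private host, provided the translation entries are recorded with timestamps.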