NAPT
Network Address Port Translation (NAPT) extends the level of translation beyond
that of basic NAT; it modifies both the IP address and the transport identifier (for
example, the TCP or UDP port number, or the ICMP query identifier) and places the
mapping into the translation table (this entry is called an extended translation). This
method can translate the addresses and transport identifiers of many private hosts
into a few external addresses and transport identifiers, to make efficient use of
globally registered IP addresses.
Similar to basic NAT, for outbound packets NAPT translates the source IP address,
source transport identifier, and related checksum fields. For inbound packets NAPT
translates the destination IP address, destination transport identifier, and checksum
fields.
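The following Python sketch is an added illustration of the extended translation table described above; it is not JUNOSe code or configuration. The class name Napt, the addresses (documentation ranges) and the port range are all assumptions made for the example, and checksum updates are omitted.

```python
from itertools import product

class Napt:
    """Toy NAPT table (hypothetical names): extended translations in both directions."""

    def __init__(self, pool, ports=range(1024, 65536)):
        # Free (outside address, transport identifier) pairs, handed out in order.
        # Simplification: one pair space is shared by all protocols.
        self._free = product(pool, ports)
        self.out = {}   # (proto, inside_ip, inside_id)   -> (outside_ip, outside_id)
        self.back = {}  # (proto, outside_ip, outside_id) -> (inside_ip, inside_id)

    def outbound(self, proto, src_ip, src_id, dst_ip, dst_id):
        """Rewrite source address and identifier; install the entry on first use."""
        key = (proto, src_ip, src_id)
        if key not in self.out:
            pair = next(self._free, None)
            if pair is None:
                raise RuntimeError("NAPT pool exhausted")
            self.out[key] = pair
            self.back[(proto, *pair)] = (src_ip, src_id)
        out_ip, out_id = self.out[key]
        return (proto, out_ip, out_id, dst_ip, dst_id)

    def inbound(self, proto, src_ip, src_id, dst_ip, dst_id):
        """Rewrite destination address and identifier; None means no entry (drop)."""
        inside = self.back.get((proto, dst_ip, dst_id))
        if inside is None:
            return None
        return (proto, src_ip, src_id, *inside)

def demo():
    # Constructed sample traffic: two private hosts share one outside address.
    nat = Napt(pool=["203.0.113.5"], ports=range(40000, 40002))
    a = nat.outbound("tcp", "10.0.0.11", 51000, "198.51.100.7", 443)
    b = nat.outbound("tcp", "10.0.0.12", 51000, "198.51.100.7", 443)
    # Reply to the second host's session is mapped back to its private address.
    reply = nat.inbound("tcp", "198.51.100.7", 443, "203.0.113.5", 40001)
    # Inbound packet to an identifier with no table entry is not translated.
    unsolicited = nat.inbound("tcp", "198.51.100.9", 4444, "203.0.113.5", 40009)
    return a, b, reply, unsolicited

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Both inside hosts use the same source port, yet the table keeps their sessions distinct because each receives its own outside transport identifier. The same lookup applies to ICMP when the query identifier is used in place of a port.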
Bidirectional NAT
Bidirectional (or two-way) NAT adds support to basic NAT for the Domain Name
System (DNS) so public hosts can initiate sessions into the private network, usually
to reach servers intended for public access.
When an outside host attempts to resolve the name of an inside host on a private
network, the NAT router intercepts the DNS reply and installs an address translation
to allow the outside host to reach the inside host by using a public address. When
the outside host initiates a connection with the inside host on the private network,
the NAT router translates that public destination address to the private address of
the inside host and, on the return path, replaces the source address with the advertised
public address.
You might need to perform some additional configuration to allow public access
from the Internet to a DNS server that resides in the private domain. (See
“Bidirectional NAT Example” on page 81.)
The same address space requirements and routing restrictions apply to bidirectional
NAT that were described for traditional NAT. The difference between these two
methods is that the DNS exchange might create entries within the translation table.
Twice NAT
In twice NAT, both the source and destination addresses are subject to translation
as packets traverse the NAT router in either direction. For example, you would use
twice NAT if you are connecting two networks in which all or some addresses in one
network overlap addresses in another network, whether the network is private or
public.
Network and Address Terms
The NAT implementation defines an address realm as either inside or outside, with
the router that is running NAT acting as the defining boundary between the two
realms.
JUNOSe 11.0.x IP Services Configuration Guide