• RFC 3022-Traditional IP Network Address Translator (Traditional NAT) (January 2001)
• RFC 3027-Protocol Complications with the IP Network Address Translator (January 2001)
NAT Configurations
You can configure NAT in several different ways. Each of the following configuration
methods provides a solution for different configuration requirements:
• Traditional NAT
• Bidirectional NAT
• Twice NAT
Traditional NAT
Traditional NAT is the most common method of using address translation. Its primary
use is translating private addresses to legal addresses for use in an external network.
When configured for dynamic operation, hosts within a private network can initiate access
to the external (public) network, but external nodes on the outside network cannot initiate
access to the private network.
Addresses on the private network and public network must not overlap. Also, route
destination advertisements on the public network (for example, the Internet) can appear
within the inside network, but the NAT router does not propagate advertisements of local
routes that reference private addresses out to the public network.
There are two types of traditional NAT—basic NAT and NAPT.
Basic NAT
Basic NAT provides translation for IP addresses only (called a simple translation) and
places the mapping into a NAT table. In other words, for packets outbound from the
private network, the NAT router translates the source IP address and related fields (for
example, IP, TCP, UDP, and ICMP header checksums). For inbound packets, the NAT
router translates the destination IP address (and related checksums) for entries that it
finds in its translation table.
CAUTION: Although basic NAT is the simplest translation method, it is the least secure. By
not including port or external host information in the translation, basic NAT allows
access to any port of the private host by any external host.
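The exposure described in the caution, as an added example that is not part of the Juniper guide: a simple translation keyed on address only, next to an extended translation that also carries the transport identifier (NAPT, described in the next section). The class names, the addresses (documentation ranges), and the choice to record the external endpoint in the extended entry are assumptions of this model, not JunosE behavior.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)

class BasicNat:
    """Simple translation: the table maps addresses only."""
    def __init__(self):
        self.table = {}  # public ip -> private ip

    def add(self, private_ip, public_ip):
        # Stands for an existing mapping (static, or created dynamically).
        self.table[public_ip] = private_ip

    def inbound(self, pkt):
        private_ip = self.table.get(pkt.dst[0])
        if private_ip is None:
            return None  # no entry: not translated
        # Port and sender are not part of the entry, so neither is checked.
        return Packet(pkt.proto, pkt.src, (private_ip, pkt.dst[1]))

class Napt:
    """Extended translation; this model also records the external endpoint."""
    def __init__(self, public_ip, first_port=1024):
        self.public_ip, self.next_port = public_ip, first_port
        self.table = {}  # (proto, public port, external endpoint) -> private endpoint

    def outbound(self, pkt):
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[(pkt.proto, port, pkt.dst)] = pkt.src
        return Packet(pkt.proto, (self.public_ip, port), pkt.dst)

    def inbound(self, pkt):
        if pkt.dst[0] != self.public_ip:
            return None
        private = self.table.get((pkt.proto, pkt.dst[1], pkt.src))
        return Packet(pkt.proto, pkt.src, private) if private else None

def demo():
    # Constructed sample: an unsolicited packet to port 22 of the public address.
    probe = Packet("tcp", ("198.51.100.99", 40000), ("203.0.113.10", 22))
    basic = BasicNat()
    basic.add("10.0.0.5", "203.0.113.10")
    napt = Napt("203.0.113.10")
    napt.outbound(Packet("tcp", ("10.0.0.5", 51000), ("198.51.100.7", 443)))
    return basic.inbound(probe), napt.inbound(probe)
```

In demo(), the simple translation forwards the unsolicited packet to port 22 of the private host, while the extended translation has no matching entry and returns None.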
NAPT
Network Address Port Translation (NAPT) extends the level of translation beyond that
of basic NAT; it modifies both the IP address and the transport identifier (for example,
the TCP or UDP port number, or the ICMP query identifier) and places the mapping into
the translation table (this entry is called an extended translation). This method can
translate the addresses and transport identifiers of many private hosts into a few external
Copyright © 2010, Juniper Networks, Inc.
Chapter 2: Configuring NAT