Using NAT Rules
Nokia IP60 Security Appliance User Guide
reveal the topology of the entire network, the network administrator may want to conceal both routable and
non-routable IP addresses from outside the organization, or even from other parts of the same organization,
in order to enhance security.
The IP60 appliance solves both issues through the use of Network Address Translation (NAT) rules. A
NAT rule is a setting used to change the source, destination, and/or service of specific connections.
Supported NAT Rule Types
The IP60 appliance enables you to define the following types of custom NAT rules:
Static NAT (or One-to-One NAT). Translation of an IP address range to another IP address range of
the same size.
This type of NAT rule allows the mapping of Internet IP addresses or address ranges to hosts inside the
internal network. This is useful if you want each computer in your private network to have its own
Internet IP address.
Hide NAT (or Many-to-One NAT). Translation of an IP address range to a single IP address.
This type of NAT rule enables you to share a single public Internet IP address among several
computers, by "hiding" the private IP addresses of the internal computers behind the IP60 appliance's
single Internet IP address. For more information on Hide NAT, see How Does Hide NAT Work? on page 257.
Few-to-Many NAT. Translation of a smaller IP address range to a larger IP address range.
When this type of NAT rule is used, static NAT is used to map the IP addresses in the smaller range to
the IP addresses at the beginning of the larger range. The remaining IP addresses in the larger range
remain unused.
Many-to-Few NAT. Translation of a larger IP address range to a smaller IP address range.
When this type of NAT rule is used, static NAT is used to map the IP addresses in the larger range to
all but the final IP address in the smaller range. Hide NAT is then used to map all of the remaining IP
addresses in the larger range to the final IP address in the smaller range.
Service-Based NAT. Translation of a connection's original service to a different service.
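The address-range rule types above can be checked with a short model. This is an added example, not code from the guide or from the appliance; the function names are hypothetical and the sample ranges are constructed. It assumes static mappings preserve address order and does not model the port translation that Hide NAT performs.

```python
import ipaddress

def _span(first, last):
    """Inclusive IPv4 range -> (start as int, number of addresses)."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if hi < lo:
        raise ValueError("range end precedes range start")
    return lo, hi - lo + 1

def translate(addr, original, translated):
    """Return (translated address, "static" or "hide") for one original address."""
    o_lo, o_size = _span(*original)
    t_lo, t_size = _span(*translated)
    offset = int(ipaddress.IPv4Address(addr)) - o_lo
    if not 0 <= offset < o_size:
        raise ValueError(f"{addr} is outside the original range")
    # Static and Few-to-Many: one-to-one onto the start of the translated range.
    # Many-to-Few: one-to-one onto all but the final translated address.
    # Assumption (not stated in the guide): static mappings preserve address order.
    static_slots = t_size if o_size <= t_size else t_size - 1
    if offset < static_slots:
        return str(ipaddress.IPv4Address(t_lo + offset)), "static"
    # Everything left over shares the final translated address. Hide NAT
    # (Many-to-One) is the case where that address is the whole range.
    return str(ipaddress.IPv4Address(t_lo + t_size - 1)), "hide"

def unused_translated(original, translated):
    """Translated addresses no rule maps to (non-zero only for Few-to-Many)."""
    return max(0, _span(*translated)[1] - _span(*original)[1])

def statically_mapped(original, translated):
    """Original addresses that receive a dedicated translated address."""
    o_lo, o_size = _span(*original)
    hosts = (str(ipaddress.IPv4Address(o_lo + i)) for i in range(o_size))
    return [h for h in hosts if translate(h, original, translated)[1] == "static"]

if __name__ == "__main__":
    # Constructed sample ranges (RFC 1918 inside, RFC 5737 documentation outside).
    inside = ("192.168.10.10", "192.168.10.19")
    outside = ("203.0.113.20", "203.0.113.22")
    for host in ("192.168.10.10", "192.168.10.11", "192.168.10.12", "192.168.10.19"):
        print(host, "->", *translate(host, inside, outside))
    print("statically mapped:", statically_mapped(inside, outside))
```

Listing the statically mapped hosts shows which internal computers end up with their own translated address and which ones share the final address of the range.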
The IP60 appliance also supports implicitly defined NAT rules. Such rules are created automatically upon
the following events:
Hide NAT is enabled on an internal network
An Allow and Forward firewall rule is defined
Static NAT is configured for a network object (for information, see Using Network Objects on page 134)
NAT rules are received from the Service Center
Implicitly defined NAT rules can only be edited or deleted indirectly. For example, in order to remove a
NAT rule created when a certain network object was defined, you must modify the relevant network object.
The Address Translation page displays both custom NAT rules and implicitly defined NAT rules, and it
allows you to create, edit, and delete custom NAT rules.
Summary of Contents for IP60 - Security Appliance
Page 1: ...Part No N450000643 Rev 001 Published February 2008 Nokia IP60 Security Appliance User Guide ...