Prestige 2602RL-D3A Support Notes
All contents copyright (c) 2007 ZyXEL Communications Corporation.
Using NAT / Multi-NAT
What is Multi-NAT?
NAT (Network Address Translation, RFC 1631) is the translation of an Internet Protocol address used
within one network to a different IP address known within another network. One network is designated the
inside network and the other is the outside. Typically, a company maps its local inside network addresses to one
or more global outside IP addresses and "unmaps" the global IP addresses on incoming packets back into local
IP addresses. The IP addresses for the NAT can be either fixed or dynamically assigned by the ISP. In addition,
you can designate servers, e.g., a web server and a telnet server, on your local network and make them
accessible to the outside world. If you do not define any servers, NAT offers the additional benefit of firewall
protection. In that case, all incoming connections to your network are filtered out by the Prestige, thus
preventing intruders from probing your network.
The SUA feature that the Prestige supported previously operates by mapping the private IP addresses to a global
IP address. It is only one subset of NAT. The Prestige with ZyNOS V3.40 supports most of the features
of NAT based on RFC 1631, and we call this feature 'Multi-NAT'. For more information on IP address
translation, please refer to RFC 1631, The IP Network Address Translator (NAT).
How NAT works
In the following figure, the local IP addresses are defined as the Internal Local Addresses (ILA) and the global
IP addresses as the Inside Global Addresses (IGA). The term 'inside' refers to the set of networks that are
subject to translation. NAT operates by mapping the ILA to the IGA required for communication with hosts on
other networks. It replaces the original IP source address (and TCP or UDP source port numbers) and then
forwards each packet to the Internet ISP, making the packets appear as if they had come from the NAT system
itself (e.g., the Prestige router). The Prestige keeps track of the original addresses and port numbers so that
incoming reply packets can have their original values restored.
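
The translation described above, as a simplified Python model (an added example, not ZyXEL's code or the ZyNOS implementation). It shows the outbound rewrite from ILA to IGA, the restore on reply packets, and the drop of incoming packets when no mapping and no server is defined. The class and method names, the starting port 40000 and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int

class Nat:
    """Many-to-one translation: several ILAs share one IGA, told apart by port."""
    def __init__(self, iga: str, first_port: int = 40000):  # first_port is an assumption
        self.iga = iga
        self.next_port = first_port
        self.out = {}      # (proto, ILA, ILA port) -> port used on the IGA
        self.back = {}     # (proto, IGA port) -> (ILA, ILA port), learned from outbound traffic
        self.servers = {}  # (proto, IGA port) -> (ILA, ILA port), defined by the administrator

    def add_server(self, proto: str, port: int, ila: str, ila_port: Optional[int] = None):
        # Make an inside server reachable from the outside on the given port.
        self.servers[(proto, port)] = (ila, ila_port or port)

    def outbound(self, p: Packet) -> Packet:
        key = (p.proto, p.src, p.sport)
        if key not in self.out:                      # first packet of this flow
            self.out[key] = self.next_port
            self.back[(p.proto, self.next_port)] = (p.src, p.sport)
            self.next_port += 1
        return replace(p, src=self.iga, sport=self.out[key])

    def inbound(self, p: Packet) -> Optional[Packet]:
        key = (p.proto, p.dport)
        target = self.back.get(key) or self.servers.get(key)
        if p.dst != self.iga or target is None:
            return None   # no mapping and no server defined: the packet is dropped
        return replace(p, dst=target[0], dport=target[1])

if __name__ == "__main__":
    # Constructed sample addresses (private and documentation ranges).
    nat = Nat("203.0.113.5")
    sent = nat.outbound(Packet("tcp", "192.168.1.33", 1025, "198.51.100.7", 80))
    print("outbound:", sent)
    print("reply   :", nat.inbound(Packet("tcp", "198.51.100.7", 80, "203.0.113.5", sent.sport)))
    print("probe   :", nat.inbound(Packet("tcp", "198.51.100.9", 5555, "203.0.113.5", 23)))
```

A real NAT also records the remote address and port of each flow and expires idle entries; this model leaves both out to keep the mapping logic visible.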