What Nat Does; How Nat Works; Nat Mapping Types - ZyXEL Communications Vantage CNM User Manual

Centralized network management

Vantage CNM User's Guide

9.1.2 What NAT Does

In the simplest form, NAT changes the source IP address in a packet received from a
subscriber (the inside local address) to another (the inside global address) before forwarding
the packet to the WAN side. When the response comes back, NAT translates the destination
address (the inside global address) back to the inside local address before forwarding it to the
original inside host. Note that the IP address (either local or global) of an outside host is never
changed.

The global IP addresses for the inside hosts can be either static or dynamically assigned by the
ISP. In addition, you can designate servers (for example a web server and a telnet server) on
your local network and make them accessible to the outside world. Although you can make
designated servers on the LAN accessible to the outside world, it is strongly recommended
that you attach those servers to the DMZ port instead. If you do not define any servers (for
Many-to-One and Many-to-Many Overload mapping), NAT offers the additional benefit of
firewall protection. With no servers defined, the ZyXEL device filters out all incoming
inquiries, thus preventing intruders from probing your network. For more information on IP
address translation, refer to RFC 1631, The IP Network Address Translator (NAT).

9.1.3 How NAT Works

Each packet has two addresses – a source address and a destination address. For outgoing
packets, the ILA (Inside Local Address) is the source address on the LAN, and the IGA (Inside
Global Address) is the source address on the WAN. For incoming packets, the ILA is the
destination address on the LAN, and the IGA is the destination address on the WAN. NAT
maps private (local) IP addresses to globally unique ones required for communication with
hosts on other networks. It replaces the original IP source address (and TCP or UDP source
port numbers for Many-to-One and Many-to-Many Overload NAT mapping) in each packet
and then forwards it to the Internet. The ZyXEL device keeps track of the original addresses
and port numbers so incoming reply packets can have their original values restored.

9.1.4 NAT Mapping Types

NAT supports five types of IP/port mapping. They are:
• One to One: In One-to-One mode, the ZyXEL device maps one local IP address to one
global IP address.
• Many to One: In Many-to-One mode, the ZyXEL device maps multiple local IP
addresses to one global IP address. This is equivalent to SUA (i.e., PAT, port address
translation), ZyXEL's Single User Account feature (the SUA Only option).
• Many to Many Overload: In Many-to-Many Overload mode, the ZyXEL device maps
multiple local IP addresses to shared global IP addresses.
• Many One to One: In Many-One-to-One mode, the ZyXEL device maps each local IP
address to a unique global IP address.
• Server: This type allows you to specify inside servers of different services behind the
NAT to be accessible to the outside world, although it is highly recommended that you
use the DMZ port for these servers instead.
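
The following sketch is an added example, not code from the manual or from ZyXEL firmware. It models the Many-to-One translation table described in 9.1.3 and the Server mapping type, and shows why an unsolicited incoming packet is filtered when no server is defined. The class name, the port allocation scheme and all addresses are assumptions made for illustration.

```python
# Toy model of Many-to-One (PAT) translation. All names and addresses are
# constructed for illustration and are not taken from the ZyXEL device.
from dataclasses import dataclass, field
from typing import Optional

IGA = "203.0.113.10"  # constructed Inside Global Address (documentation range)


@dataclass(frozen=True)
class Packet:
    proto: str
    src: tuple  # (ip, port)
    dst: tuple  # (ip, port)


@dataclass
class ManyToOneNat:
    iga: str = IGA
    next_port: int = 50000  # assumed starting point for allocated global ports
    out_map: dict = field(default_factory=dict)  # (proto, ILA, port) -> global port
    in_map: dict = field(default_factory=dict)   # (proto, global port) -> (ILA, port)
    servers: dict = field(default_factory=dict)  # (proto, global port) -> (ILA, port)

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> WAN: replace the ILA and source port with the IGA and a mapped port."""
        key = (pkt.proto, *pkt.src)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(pkt.proto, self.next_port)] = pkt.src
            self.next_port += 1
        # The outside host's address (pkt.dst) is never changed.
        return Packet(pkt.proto, (self.iga, self.out_map[key]), pkt.dst)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """WAN -> LAN: restore the original ILA and port, or return None (dropped)."""
        if pkt.dst[0] != self.iga:
            return None
        key = (pkt.proto, pkt.dst[1])
        target = self.in_map.get(key) or self.servers.get(key)
        if target is None:
            return None  # no tracked session and no server defined: filtered
        return Packet(pkt.proto, pkt.src, target)
```

The model leaves out session timeouts and does not check which outside host sends a reply, so it is looser than a real device's session tracking. Every entry added to `servers` is a port that incoming packets can reach without a prior outbound session, which is the exposure behind the manual's recommendation to place such hosts on the DMZ port.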
Chapter 9 Configuration > NAT
