Table of Contents
Advertisement
16 Security Services - NAT & PAT
Consequences of
NA(P)T on layers
AST570 solutions
208 / 300
The NA(P)T feature comes at the expense of the AST570
transparency. This because a number of protocols that are layered
on top of either TCP/IP or UDP/IP do not adhere to the ISO/OSI
reference model.
Note: The ISO Open Systems Interconnection (OSI) reference model promotes
the layered implementation of communications protocol stacks. Layers from
protocol stacks implemented according to this model can be changed without
affecting the upper or lower layers.
An important consequence is that changing IP addresses or
TCP/UDP ports via NA(P)T affects the other layers as well.
Due to these changes, applications that are the ultimate
consumers of the protocols cannot decode the information
correctly anymore.
The AST570 offers some solutions to cope with this situation.
Basically these solutions boil down in transporting Public IP
addresses transparently through the AST570 towards a device
where a more advanced NAT and/or PAT can be performed.
Some solutions are described in the following paragraphs:
Via the PPPoA to PPTP Relay
"
PPP to DHCP Spoofing.
"
3EC 17766 AAAA TCZZA Ed. 04
Advertisement
Table of Contents
