Chapter 12 Network Address Translation (NAT)
Figure 137 NAT Application With IP Alias
Corporation B
LAN2: 192.168.1.X
Network Server
"Admin=192.168.1.1
NAT Server
192.168.1.1
LAN2: 192.168.2.X
Network Server
"Sales"=192.168.2.1
NAT Server
192.168.2.1
LAN3: 192.168.3.X
Network Server
"R&D"=192.168.3.1
12.1.5 Port Restricted Cone NAT
ZyXEL Device ZyNOS version 4.00 and later uses port restricted cone NAT. Port restricted
cone NAT maps all outgoing packets from an internal IP address and port to a single IP
address and port on the external network. In the following example, the ZyXEL Device maps
the source address of all packets sent from internal IP address 1 and port A to IP address 2 and
port B on the external network. A host on the external network (IP address 3 and Port C for
example) can only send packets to the internal host if the internal host has already sent a
packet to the external host's IP address and port.
A server with IP address 1 and port A sends packets to IP address 3, port C and IP address 4,
port D. The ZyXEL Device changes the server's IP address to 2 and port to B.
Since 1, A has already sent packets to 3, C and 4, D, they can send packets back to 2, B and the
ZyXEL Device will perform NAT on them and send them to the server at IP address 1, port A.
Packets have not been sent from 1, A to 4, E or 5, so they cannot send packets to 1, A.
228
NAT Server
192.168.3.1
Corporation A
Server in
Admin Network
=IP1 (IGA 1)
Internet
WAN Addresses:
LAN Addresses: (Default IPs)
IGA 1
--------------->
192.168.1.1
IGA 2
--------------->
192.168.2.1
IGA 3
--------------->
192.168.3.1
NBG410W3G Series User's Guide
Server in
Sales Network
=IP2 (IGA 2)
Server in
R&D Network
=IP3 (IGA 3)