Network Address Translation Overview - Inter-Tel AXXESS Manual

Appendix F – Network Topology
INTER-TEL® AXXESS®

3. NETWORK ADDRESS TRANSLATION OVERVIEW

3.1 Network Address Translation (NAT) is an Internet standard¹ that enables a local-area network (LAN) to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. Generally, the NAT function is provided by a router or firewall.

3.2 The main purpose of NAT is to allow an organization to use a pool of (private) IP addresses that is separate from (public) Internet IP addresses. This alleviates a shortage of public IP addresses. Although NAT can provide a limited amount of security, it is rarely used stand-alone for security purposes².

3.3 To facilitate NAT, the Internet Assigned Numbers Authority (IANA) has designated certain IP addresses to be private³. This designation means that these IP addresses are not valid (routable) on the public Internet. This allows organizations to safely use these addresses within their networks. The designated private addresses are:

10.0.0.0 - 10.255.255.255 (One Class A Subnet)
172.16.0.0 - 172.31.255.255 (16 Class B Subnets)
192.168.0.0 - 192.168.255.255 (256 Class C Subnets)

3.4 NAT operates by dynamically associating each internal private IP address with an external public IP address (and port). The NAT box (router or firewall) keeps track of the association between internal and external addresses and re-writes the IP packet header addresses as necessary. The association between internal and external IP addresses is generally short-lived based on activity.

3.5 Although NAT has been widely used throughout the Internet, some protocols do not work well with NAT. As described above, NAT translates the IP addresses in only the IP packet headers. The root of the problem is that some protocols carry IP addresses in the IP packet payload. As a result, private IP addresses are sometimes communicated out to the public Internet. By design, these private IP addresses are not accessible.

3.6 It is also possible to configure persistent or static NAT assignments in which a specific outside address is associated with a specific inside address. Although static NAT essentially allows an inside device to be accessible from the outside, it is still NAT and therefore problematic for some protocols when IP addresses are carried in the IP packet payload.

3.7 Some Internet applications (for example, IP telephony) do not allow use of NAT. Some firewall vendors offer the capability to "fix" NAT problems for specific protocols (for example, SIP).

3.8 Because NAT takes place where a private network connects to a public network, there are often two NAT operations taking place – one at each end of the communication. The NAT operations are the same at the two ends, but sometimes the impact on network protocols is different. For the purposes of this discussion, the NAT that takes place between the server (for example, an Axxess system) and the public network is referred to as near-end NAT. The NAT that takes place between IP endpoints and the public network (as in a home network) is referred to as far-end NAT.

1. Defined in RFC3022.
2. This is because the public address/port combinations can be easily guessed. Even with dynamic NAT, the address associations are open for long periods of (computer) time during which the internal computer is vulnerable to attack.
3. Defined in RFC1918.

Page F-4
MANUAL VERSION 11.0 – May 2008
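The problem described in paragraph 3.5, shown as an added example that is not part of the Inter-Tel manual: a header-only NAT rewrite followed by a scan of the payload for the private ranges listed in paragraph 3.3. The SIP message, the addresses, the NAT table and all function names are constructed for illustration.

```python
import ipaddress
import re

# Private ranges listed in paragraph 3.3 (RFC 1918).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def is_private(addr):
    try:
        return any(ipaddress.ip_address(addr) in net for net in PRIVATE_NETS)
    except ValueError:  # e.g. 999.1.1.1 matched by the loose regex
        return False

def nat_rewrite(packet, mapping):
    """Header-only NAT (3.4): translate the source (address, port); payload untouched."""
    return {**packet, "src": mapping[packet["src"]]}

def leaked_private_addresses(payload):
    """Return (line_number, field, address) for each private IPv4 left in the payload."""
    findings = []
    for lineno, line in enumerate(payload.splitlines(), 1):
        field = re.split(r"[:=]", line, maxsplit=1)[0].strip()
        for addr in IPV4_RE.findall(line):
            if is_private(addr):
                findings.append((lineno, field, addr))
    return findings

# Constructed sample: SIP INVITE from an endpoint behind NAT. Public addresses
# come from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24.
SAMPLE_PAYLOAD = "\r\n".join([
    "INVITE sip:200@198.51.100.20 SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bK776asdhds",
    "Contact: <sip:100@192.168.1.50:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 0 0 IN IP4 192.168.1.50",
    "c=IN IP4 192.168.1.50",
    "m=audio 49170 RTP/AVP 0",
])
SAMPLE_PACKET = {"src": ("192.168.1.50", 5060), "payload": SAMPLE_PAYLOAD}
NAT_TABLE = {("192.168.1.50", 5060): ("203.0.113.7", 40001)}

if __name__ == "__main__":
    translated = nat_rewrite(SAMPLE_PACKET, NAT_TABLE)
    print("header source after NAT:", translated["src"])
    for finding in leaked_private_addresses(translated["payload"]):
        print("private address left in payload (line, field, address):", finding)
```

The header source becomes the public address and port, while the Via, Contact and SDP lines still advertise the unreachable private address. This is the payload content a protocol-aware "fix" of the kind mentioned in 3.7 has to rewrite.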
