Lucent Technologies SLC ConnectReach User & Service Manual page 205

®
Configuring the SLC ConnectReach
Using the Configuration Commands
Configuring NAT and PAT
Introduction
™
System
NAT
Network address translation (NAT), as laid out in RFC 1631, allows local (LAN) IP
addressed workstations access to the Internet through the use of an external IP
address pool. The ConnectReach NAT feature enables a company to increase the
number of internal IP addresses pursuant to RFC 1597. There is also an
Enterprise NAT option, for translating IP addresses of workstations at remote
offices to WAN IP addresses (WAN-to-WAN), by means of Frame Relay PVCs.
For details on Enterprise NAT, see Configuring Enterprise NAT on page F-1.
NAT allows the mapping of a range of LAN IP addresses to a range of WAN IP
addresses. The relation of the mapping may be one-to-one, many-to-one, or
many-to-many. All traffic between the LAN and the WAN must be defined if NAT is
enabled. The three definitions are as follows:
Static allocation
3
Dynamic allocation
3
Pass-thru.
3
In static allocation, the mapping between the LAN IP addresses and WAN IP
addresses is a static one-to-one or many-to-many relation. Static mapping may or
may not allow inbound connections from the WAN to the LAN.
In dynamic allocation, the LAN IP addresses are mapped to the available WAN IP
addresses on an as-needed basis. Dynamic mapping may be defined with a
many-to-one or many-to-many connection.
Pass-thru groups define LAN IP addresses that are allowed to pass through the
NAT firewall. The WAN range must be a valid range.
If the firewall configuration, "IP filtering plus server" is to be used in conjunction
with NAT, a static group with "allow-inbound enabled" for the server must be set
up in NAT.
Examples on NAT configuration can be found in Appendix B, Configuration
Examples.
(Continued on next page)
Issue 4 June 2002 4-119
363-208-050