Foundry Networks Switch and Router Installation And Configuration Manual page 809


Port Address Translation
Normally, NAT maps each private address that needs to be routed to the outside network to a unique IP address
from the pool. However, it is possible for the global address pool to have fewer addresses than the number of
private addresses. In this case, you can configure the Foundry device to use Port Address Translation. Port
Address Translation maps a client's IP address and TCP or UDP port number to both an IP address and a TCP
or UDP port number. In this way, the Foundry device can map many private addresses to the same public
address and use TCP or UDP port numbers to uniquely identify the private hosts.
NOTE: This type of feature is sometimes called Overloading an Inside Global Address.
In the example in Figure 20.1, the pool contains enough addresses to ensure that every host on the private
network can be mapped to an Internet address in the pool. However, suppose the enterprise implementing this
configuration has only 20 Internet addresses. For example, the pool might be 209.157.1.1/24 – 209.157.1.20/24.
In this case, the pool does not contain enough addresses to ensure that all the hosts in the private network can be
mapped to Internet addresses.
Without Port Address Translation, it is possible that the device will not be able to provide NAT for some hosts.
However, with Port Address Translation, the device can provide NAT for all the hosts by using a unique TCP or
UDP port number in addition to the IP address to map to each host. For example, the device can map the
following addresses:
Inside address          Outside address
10.10.10.2:6000         209.157.1.2:4000
10.10.10.3:6000         209.157.1.2:4001
10.10.10.4:6000         209.157.1.2:4002

NAT is mapping the same global IP address to three different private addresses along with their TCP or UDP
ports, but uses a different TCP or UDP port number for each private address to distinguish them. Notice that the
Port Address Translation feature does not attempt to use the same TCP or UDP port number as in the client's
packet.
The way NAT deals with the client's TCP or UDP port number depends on whether Port Address Translation is
enabled:
• Port Address Translation enabled – NAT treats the client's IP address and TCP or UDP port number as a
  single entity, and uniquely maps that entity to another entity consisting of an IP address and TCP or UDP port
  number. The NAT entry the device creates in the NAT translation table therefore consists of an IP address
  plus a TCP or UDP port number. The device maintains the port type in the translation address:
  • If the client's packet contains a TCP port number, the device uses a TCP port in the translation address.
  • If the client's packet contains a UDP port, the device uses a UDP port in the translation address.
  The device does not try to use the same TCP or UDP port number for the untranslated and translated
  addresses. Instead, the device maps the client IP address plus the TCP or UDP port number to a unique
  combination of IP address plus TCP or UDP port number. When the device receives reply traffic to one of
  these hosts, NAT can properly translate the Internet address back into the private address because the TCP
  or UDP port number in the translation address uniquely identifies the host.
  To enable Port Address Translation, use the overload option when you configure the source list, which
  associates a private address range with a pool of Internet addresses. See "Configuring Dynamic NAT
  Parameters" on page 20-5.
• Port Address Translation disabled – The device translates only the client's IP address into another IP address
  and retains the TCP or UDP port number unchanged.

Network Address Translation                                                                    20 - 3
December 2000
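The following is an added worked example, not code from the Foundry manual or the device firmware. It models the two behaviours the section describes (Port Address Translation enabled, where many inside hosts share one Internet address and are told apart by a translated port, versus disabled, where only the IP address is translated and the pool can run out), and it reproduces the inside/outside table above. The pool address 209.157.1.2, the inside hosts and the starting port 4000 are taken from the text; the class and method names, the per-address/per-protocol port counter and the "first address in the pool" allocation rule are constructed simplifications, not the device's real allocation algorithm.

```python
"""Toy model of dynamic NAT with and without Port Address Translation (overload).

Added example, not Foundry code. Pool addresses, hosts and ports are taken from
the manual's example or constructed for illustration.
"""
from dataclasses import dataclass, field
from itertools import count
from typing import Dict, Iterator, List, Optional, Tuple

Endpoint = Tuple[str, int]      # (ip, port)
Key = Tuple[str, str, int]      # (protocol, ip, port)


@dataclass
class Translator:
    pool: List[str]             # global (Internet) addresses available for NAT
    overload: bool              # True = Port Address Translation enabled
    first_port: int = 4000      # first translated port handed out (from the text's table)
    # Translation table, kept in both directions so replies can be mapped back.
    outbound: Dict[Key, Endpoint] = field(default_factory=dict)  # inside -> global
    inbound: Dict[Key, Endpoint] = field(default_factory=dict)   # global -> inside
    # Port counters are kept per (protocol, global address): the device keeps the
    # port type, so TCP and UDP translated ports are separate spaces (assumption
    # of this model, consistent with the text).
    _ports: Dict[Tuple[str, str], Iterator[int]] = field(default_factory=dict)
    # Non-overload mode: one global address per inside address, port unchanged.
    _plain: Dict[str, str] = field(default_factory=dict)

    def _next_port(self, proto: str, gip: str) -> int:
        ctr = self._ports.setdefault((proto, gip), count(self.first_port))
        return next(ctr)

    def translate_out(self, proto: str, src_ip: str, src_port: int) -> Optional[Endpoint]:
        """Map an inside (ip, port) to its global (ip, port); None if NAT is not possible."""
        key = (proto, src_ip, src_port)
        if key in self.outbound:          # existing entry is reused for the same flow
            return self.outbound[key]
        if self.overload:
            # Many inside hosts share the same global address; a fresh port per
            # (proto, address) keeps each host uniquely identifiable. This model
            # always uses the first pool address (simplification).
            gip = self.pool[0]
            mapped = (gip, self._next_port(proto, gip))
        else:
            gip = self._plain.get(src_ip)
            if gip is None:
                free = [a for a in self.pool if a not in self._plain.values()]
                if not free:
                    return None           # pool exhausted: no NAT for this host
                gip = free[0]
                self._plain[src_ip] = gip
            mapped = (gip, src_port)      # port number retained unchanged
        self.outbound[key] = mapped
        self.inbound[(proto, mapped[0], mapped[1])] = (src_ip, src_port)
        return mapped

    def translate_in(self, proto: str, dst_ip: str, dst_port: int) -> Optional[Endpoint]:
        """Map reply traffic back to the inside host; None if no table entry exists."""
        return self.inbound.get((proto, dst_ip, dst_port))


def pat_example() -> Tuple[Translator, List[Optional[Endpoint]]]:
    """Reproduce the table from the text: three hosts on port 6000, one global address."""
    t = Translator(pool=["209.157.1.2"], overload=True)
    out = [t.translate_out("tcp", h, 6000)
           for h in ("10.10.10.2", "10.10.10.3", "10.10.10.4")]
    return t, out


def plain_nat_example() -> List[Optional[Endpoint]]:
    """Pool of two addresses, three hosts, overload disabled: the third host gets no NAT."""
    p = Translator(pool=["209.157.1.1", "209.157.1.2"], overload=False)
    return [p.translate_out("tcp", h, 6000)
            for h in ("10.10.10.2", "10.10.10.3", "10.10.10.4")]


if __name__ == "__main__":
    t, out = pat_example()
    for h, m in zip(("10.10.10.2", "10.10.10.3", "10.10.10.4"), out):
        print(f"{h}:6000 -> {m[0]}:{m[1]}")
    print("reply to 209.157.1.2:4001 ->", t.translate_in("tcp", "209.157.1.2", 4001))
    print("unsolicited to 209.157.1.2:5000 ->", t.translate_in("tcp", "209.157.1.2", 5000))
    print("without overload:", plain_nat_example())
```

Two points the model makes visible that the prose only states: reply traffic is mapped back purely by looking up (protocol, global address, translated port), so an inbound packet to a port with no table entry has nowhere to go and is dropped by this model, which is the only sense in which NAT "hides" inside hosts; and with overload disabled the pool is consumed one address per inside host, which is the exhaustion case the section describes.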
