Outbound Access - Dynamix UM-A User Manual

A.3.1 Outbound Access
The NAT module implements two modes for outbound sessions: NAT mode and NAPT mode.
NAT Mode: NAT mode implements the Basic NAT functionality.
1. Static session mapping is required for any local host to access the public domain.
2. Only one local host can be mapped to each WAN Network Interface.
3. If multiple local hosts are mapped to the same WAN Network Interface, only the first one
will take effect. All other entries are marked with
take effect.
NAPT Mode: The NAPT mode implements the NAPT functionality.
1. Multiple local hosts can access the public domain using the same WAN Network
Interface.
2. Two types of sessions may be created in this mode: dynamic and static. Static sessions
take priority over dynamic sessions.
3. Static session mapping is NOT required for any local host to access the public domain.
Static session mapping can be configured to fix the WAN Network Interface that a local
host must use to access the public domain. This does not limit the number of local hosts
this WAN Network Interface can serve in the NAPT mode.
4. Dynamic session mapping is created automatically. When a packet from the LAN is
processed and if no existing NAT session can be found, then a dynamic session is created
on a per packet basis based on the Route Table. That is, the destination IP address is used
to find the appropriate Network Interface to deliver the packet to, based on the Route
Table. If the Network Interface is a WAN interface, then the IP address of the WAN
interface is used to create the session dynamically and the Address/Port translation is
performed. Thus, packets originating from one local host may be mapped to multiple
WAN interfaces.
5. If the packet cannot be routed based on the Route Table when trying to create a dynamic
session, then no dynamic session is created and the packet is not processed by NAT. This
is different than the obsolete one-WAN static NAPT mode where a hidden "default
session" maps all LAN clients to only one WAN. The "default route" of the Route Table
serves a similar purpose through dynamic sessions.
6. A dynamic session is deleted dynamically either when the connection is completed or
when the inactivity timer expires. Thus, changes to the Route Table may not change the
NAT packet forwarding on existing sessions. This may create confusion in some cases.
For example, there are two WAN connections: WAN1 is the default route and goes to
internet, WAN2 has an internal server behind it and a manual route entry is entered to
reach that internal server. If WAN2 has a dynamic connection such as PPP or DHCP and
a LAN client tries to ping that internal server before WAN2 is connected, then the ping
request is routed to WAN1 based on the route table. While the continuous ping requests
keeps going, WAN2 is connected. However, the ping requests are continually forwarded
to WAN1 and they cannot reach the internal server. The reason is that when the first ping
request was generated, NAT creates a dynamic session, based on the route table, to
forward it to WAN1. Since the ping failed, the ping session was never completed, so the
dynamic session stays in NAT until it expires. Therefore, each ping request refreshes the
timer of that dynamic session in NAT so the session never expires. In this case, stop the
*
4/1 Port ADSL Router
indicating that the entries will not
P 129