Install guide
6 VoIP Phone Calls and the Firewall Release Note
Software Version 2.7.4
C613-10444-00 REV A
Network Address and Port Translation (NAPT)
About NAPT
Network Address and Port Translation (NAPT) translates the IP address and
TCP/UDP port of packets sent to and from private side devices. NAPT
expands on the existing NAT functionality, by giving you control over the UDP
or TCP port numbers that the firewall assigns to each user’s sessions.
When to use NAPT
NAPT increases the reliability of VoIP phone calls through the SIP Application
Layer Gateway by avoiding changes to the UDP port number. The port number
is important because public SIP proxy servers use it to locate users.
If you use enhanced NAT instead of NAPT, the firewall randomly assigns a
UDP port to each user’s session and uses this port number to determine which
user to send incoming traffic to. Once a session is established the firewall keeps
it alive, so the port number is constant until—and only until—the session is
closed. Sessions are closed, for example, if a user of a soft phone logs off. When
the user next logs on, the firewall will give the session a different UDP port
number. The SIP proxy server will only learn this port number when the user
phones out, so it cannot direct incoming phone calls to a user before the user has
called out.
If you use NAPT, the firewall will always give the same UDP port number to
each user. This unchanging port number ensures that the SIP proxy server can
always connect to the user.
Like enhanced NAT, NAPT also lets users on your LAN access the Internet
when you have many private IP addresses on your LAN and one public IP
address on the firewall.
Configuration
To use NAPT on an interface, apply a firewall policy to that interface and create
rules on the policy. Use the command:

    add firewall policy=name rule=id interface=interface
        action=nat nattype=napt protocol=udp
        ip=private-ip-address gblip=public-ip-address
        port=private-port gblport=public-port [other-options...]

NAPT translates between the addresses specified in the ip and gblip
parameters, and the ports specified in the port and gblport parameters
(Table 4). You need to create rules on both the private and public interfaces.
Table 4: The translation performed by NAPT

Interface  Traffic direction                                               Translation direction       IP parameters  Port parameters
Private    Outgoing traffic                                                Private to public settings  ip to gblip    port to gblport
Private    Incoming return traffic for sessions initiated on private side  Public to private settings  gblip to ip    gblport to port
Public     Incoming traffic                                                Public to private settings  gblip to ip    gblport to port
Public     Outgoing return traffic for sessions initiated on public side   Private to public settings  ip to gblip    port to gblport
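
The contrast described under "When to use NAPT", together with the two-way translation in Table 4, as an added Python model (an illustration added here, not firewall configuration and not code from the release note). The class names, the addresses and the re-login scenario function are assumptions made for the example.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class NaptRule:
    # Field names follow the rule parameters: ip/port (private), gblip/gblport (public)
    ip: str
    port: int
    gblip: str
    gblport: int

class NaptFirewall:
    """Static mapping: one rule translates both directions, as in Table 4."""
    def __init__(self, rules):
        self.to_public = {(r.ip, r.port): (r.gblip, r.gblport) for r in rules}
        self.to_private = {pub: priv for priv, pub in self.to_public.items()}
    def outbound(self, src):   # ip to gblip, port to gblport
        return self.to_public.get(src)
    def inbound(self, dst):    # gblip to ip, gblport to port
        return self.to_private.get(dst)
    def close(self, src):      # closing a session does not change the mapping
        pass

class EnhancedNatFirewall:
    """Dynamic mapping: random public UDP port per session, dropped on close."""
    def __init__(self, gblip, rng):
        self.gblip, self.rng, self.sessions = gblip, rng, {}
    def outbound(self, src):
        while src not in self.sessions:
            port = self.rng.randint(1024, 65535)
            if port not in self.sessions.values():
                self.sessions[src] = port
        return (self.gblip, self.sessions[src])
    def inbound(self, dst):
        by_public = {(self.gblip, p): s for s, p in self.sessions.items()}
        return by_public.get(dst)  # None when no session exists for that port
    def close(self, src):
        self.sessions.pop(src, None)

def proxy_reaches_user_after_relogin(fw, phone):
    """Proxy stores the public contact, the user logs off and on, then a call arrives."""
    contact = fw.outbound(phone)   # SIP proxy learns public address and port
    fw.close(phone)                # soft phone logs off, session closed
    return fw.inbound(contact) == phone  # call sent before the phone calls out again

# Constructed sample rule: private SIP phone mapped to a documentation-range public IP
RULE = NaptRule("192.168.1.10", 5060, "203.0.113.1", 5060)
```

With the NAPT model the stored contact still resolves to the phone after the session closes; with the enhanced NAT model it resolves to nothing until the phone calls out and receives a new port.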