Specifications

Why Would I Use NAT in My Network?

September 08, 2010 Page 2 of 18

Why Would I Use NAT in My Network?

EnterasyssupportforNATprovidesapracticalsolutionfororganizationswhowishtostreamline

theirIPaddressingschemes.NAToperatesonarouterconnectingaprivatenetworktoapublic

network,simplifyingnetworkdesignandconservingIPaddresses.NATcanhelporganizations

mergemultiplenetworkstogetherandenhancenetworksecurity by:

•Helpingtopreventmaliciousactivityinitiatedbyoutsidehostsfromenteringthecorporate

network

•Improvingthereliabilityoflocalsystemsbystoppingworms

•Augmentingprivacybykeepingprivateintranetaddresseshiddenfromviewofthepublic

internet,therebyinhibitingscans

• LimitingthenumberofIPaddressesusedforprivateintranetsthatare

requiredtobe

registeredwiththeInternetAssignedNumbersAuthority(IANA)

• ConservingthenumberofglobalIPaddressesneededbyaprivateintranet

How Can I Implement NAT?

ToimplementNATinyournetwork:

•EnableNATonboththeinside(local)andoutside(public)interfacestobeusedfortranslation

•Ifyouintendtouseinsidesourceaddressdynamictranslation(see“DynamicInsideAddress

Translations”onpage 5fordetails):

–Defineanaccess‐listofinsideaddresses

–DefineaNATaddress

poolofoutsideaddresses

–Enabledynamictranslationofinsideaddressesspecifyinganaccess‐listofinside

addressesandaNATaddresspoolofoutsideaddresses

– OptionallyconfigureoverloadforNAPT(defaultstoNAT)

– Optionallyspecifytheinterfacetowhichtranslationsareapplied

•Ifyouintendtouseinsidesourceaddressstatictranslation

(see“StaticInsideAddress

Translation”onpage 3fordetails),enableinsidesourceaddressstatictranslationinthe

appropriateNAT orNAPTcontext

• OptionallychangetheNATFTPcontrolportfromitsdefaultof21

• Optionallyenableforceflowstoforceallflowstobetranslatedbetweenoutsideandinside

addresses

• Optionally

modifymaximumallowedentriesandNATtranslationtimeoutvalues