Specifications

ManualsBrandsEnterasys ManualsComputer equipmentN Standalone (NSA) Series

131

132

133

134

135

136

137

138

139

140

NAT Overview

September 08, 2010 Page 6 of 18

Figure 3 Basic NAT Dynamic Inside Address Translation

Client2 Walkthrough:

ApacketarrivesattheNATrouterfromClient2withasourceaddressof10.1.1.2,butleavesthe

NATrouterwiththeremainingavailablesourceaddressfromtheassignedpool,inthiscase:

200.1.1.1.InbothcasesthedestinationisforServer1’sIPaddressof200.1.1.50.FromServer1’s

pointofview,

Client2’sIPaddressis200.1.1.1.Server1doesn’tknowanythingaboutitsactualIP

addressof10.1.1.2.

WhenServer1respondstoClient2,itspacketarrivesattheNATrouterwithClient2’stranslated

addressof200.1.1.1asthedestinationaddress,butleavestheNATrouterwithClient2’sactual

addressof10.1.1.2as

thedestinationaddress.Server1’sresponseisdeliveredtoIPaddress10.1.1.2.

NAPT Dynamic Inside Address Translation

Figure 4onpage 7displaysabasicNAPTdynamicinsideaddresstranslationoverview.The

overviewshowstwointernalnetworkclients:Client1andClient2.Theaccess‐listassignedtothis

dynamictranslationmustcontainpermitsfortheIPaddressofeachlocalclient(10.1.1.1and

10.1.1.2).ANATpoolcanbeconfiguredwith

asingleIPaddressforitsrangeofpubliclyavailable

IPaddressesandassignedtothisdynamictranslation.AsinglepublicIPaddresswillbesufficient

becauseNAPTwillusetheavailableL4portrangeofthisaddresswhenassigningaddressesfor

dynamictranslation.InthiscasethepublicIP

addressrangeisfrom200.1.1.1to200.1.1.1.Thisisa

NAPTdynamictranslationsowemustassigntheoverloadoption.

Server1

200.1.1.50

NAT

ROUTER

DA: 200.1.1.50

SA: 200.1.1.2

DA: 200.1.1.2

SA: 200.1.1.50

DA: 200.1.1.50

SA: 10.1.1.1

DA: 10.1.1.1

SA: 200.1.1.50

Client2

10.1.1.2

DA: 200.1.1.50

SA: 200.1.1.1

External

Public

Network

Internal

Private

Network

DA: 200.1.1.1

SA: 200.1.1.50

DA: 200.1.1.50

SA: 10.1.1.2

DA: 10.1.1.2

SA: 200.1.1.50

Client1

10.1.1.1