System information

221 02-FGB 101 544 Uen A – September 2008 25

5.2.9 NAT

The W3x terminals support dynamic one-to-many NAT - also known as

NAPT. NAPT translates the source IP address of the LAN to the public

WAN IP address. It also changes the source port (UDP or TCP) or the

ICMP for the WAN to LAN flow. Port translation allows several LAN devices

to be connected to the WAN through one public IP address.

5.2.9.1 NAT Port Forwarding

The NAT Port Forwarding feature, sometimes referred to as Virtual Server,

redirects traffic from the WAN side to a server on the LAN side.

The Port Forwarding feature requires that the W3x terminal has a public IP

address for Port Forwarding requests from the Internet to be handled

correctly.

5.2.9.2 NAT ALGs

An ALG enables the transfer of specific application streams through NAT.

This is enabled by creating dynamic holes in NAT and changing IP

addresses in network protocol headers, and if a secondary port is required,

the ALG will open one.

The W3x terminals include NAT ALGs for the following protocols:

• FTP

• TFTP

• RTSP

• SIP

• PPTP

The included ALGs can be enabled/disabled individually and do not require

any additional configuration.

5.2.10 UPnP IGD

The W3x terminals support the UPnP standard with respect to the Internet

Gateway Device (IGD) profile, used by Microsoft Messenger (among

others) to configure port forwarding in a NAT router.

5.2.11 VPN Pass-Through

The W3x terminals support VPN pass-through from a client on the LAN

connecting to a VPN server on the Internet without any configuration.

Supported protocols are IPsec and PPTP (Microsoft VPN) with the

following limitations:

• The IPsec client and server must support NAT-T (NAT Traversal).

• Only one client at a time can use PPTP, unless the PPTP ALG is

enabled.

Other VPN pass-through configurations, such as a VPN server residing on

the W3x LAN, are also possible provided the appropriate ports/protocols

are forwarded.