User's manual
P-660 Series Support Notes
All contents copyright © 2005 ZyXEL Communications Corporation.
5. Using Multi-NAT
What is Multi-NAT?
NAT (Network Address Translation, RFC 1631) is the translation of an Internet
Protocol address used within one network to a different IP address known within
another network. One network is designated the inside network and the other is the
outside. Typically, a company maps its local inside network addresses to one or more
global outside IP addresses and "unmaps" the global IP addresses on incoming
packets back into local IP addresses. The IP addresses for the NAT can be either fixed
or dynamically assigned by the ISP. In addition, you can designate servers, e.g., a web
server and a telnet server, on your local network and make them accessible to the
outside world. If you do not define any servers, NAT offers the additional benefit of
firewall protection. In that case, all incoming connections to your network will be
filtered out by the P-660, thus preventing intruders from probing your network.
The SUA feature that the P-660 supported previously operates by mapping the private
IP addresses to a global IP address. It is only one subset of NAT. The P-660 with
ZyNOS V3.40 supports most of the features of NAT based on RFC 1631, and
we call this feature 'Multi-NAT'. For more information on IP address translation,
please refer to RFC 1631, The IP Network Address Translator (NAT).
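The mapping, "unmapping" and filtering of incoming connections described above, as an added Python model that is not part of the ZyXEL notes and is not the P-660's implementation. The port-based many-to-one mapping, the peer check on replies, the class and function names and all addresses are assumptions made for illustration.

```python
class Nat:
    """Toy many-to-one NAT: one global address, optional server mappings."""

    def __init__(self, global_ip, servers=None, first_port=50000):
        self.global_ip = global_ip
        self.servers = dict(servers or {})  # global port -> (inside ip, inside port)
        self.by_flow = {}                   # outbound flow -> global port
        self.by_port = {}                   # global port -> outbound flow
        self.next_port = first_port         # assumed start of the dynamic port range

    def outbound(self, src, sport, dst, dport):
        """Map an inside source to the global address; return the rewritten packet."""
        flow = (src, sport, dst, dport)
        if flow not in self.by_flow:
            # Skip ports already taken by a server mapping or another session.
            while self.next_port in self.servers or self.next_port in self.by_port:
                self.next_port += 1
            self.by_flow[flow] = self.next_port
            self.by_port[self.next_port] = flow
        return (self.global_ip, self.by_flow[flow], dst, dport)

    def inbound(self, src, sport, dst, dport):
        """'Unmap' a packet from outside; None means it is filtered out."""
        if dst != self.global_ip:
            return None
        flow = self.by_port.get(dport)
        if flow is not None:
            inside_ip, inside_port, peer_ip, peer_port = flow
            # Only the peer the inside host contacted may use this mapping.
            if (src, sport) == (peer_ip, peer_port):
                return (src, sport, inside_ip, inside_port)
            return None
        if dport in self.servers:
            # A defined server is reachable by any outside host on that port.
            inside_ip, inside_port = self.servers[dport]
            return (src, sport, inside_ip, inside_port)
        return None  # no session and no defined server


def demo():
    """Run constructed packets (documentation addresses) through the model."""
    nat = Nat("203.0.113.10", servers={80: ("192.168.1.20", 80)})
    sent = nat.outbound("192.168.1.33", 40000, "198.51.100.7", 443)
    reply = nat.inbound("198.51.100.7", 443, "203.0.113.10", sent[1])
    web = nat.inbound("198.51.100.99", 51515, "203.0.113.10", 80)
    telnet = nat.inbound("198.51.100.99", 51515, "203.0.113.10", 23)
    return sent, reply, web, telnet
```

In this model the web server on port 80 is reachable from any outside host, while the telnet attempt is dropped because no server is defined for port 23 and no inside host opened that session.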
How NAT works
Here we define the local IP addresses as the Internal Local Addresses (ILA) and the
global IP addresses as the Inside Global Addresses (IGA); see the following figure. The
term 'inside' refers to the set of networks that are subject to translation. NAT operates
by mapping the ILA to the IGA required for communication with hosts on other