Network Address Translation (NAT) Tutorial and Avaya™ Communication Manager 1.3 NAT Shuffling Feature
ABSTRACT
This document is a simplified tutorial on network address translation (NAT) and network address port
translation (NAPT), or port address translation (PAT). This document also explains in detail the new
NAT shuffling feature in Avaya™ Communication Manager 1.3.
Application Note
April 2003
COMPAS ID 97779
NAT Tutorial and Avaya Communication Manager 1.3 NAT Shuffling Feature
All information in this document is subject to change without notice. Although the information is
believed to be accurate, it is provided without guarantee of complete accuracy and without warranty of
any kind. It is the user’s responsibility to verify and test all information in this document. Avaya shall
not be liable for any adverse outcomes resulting from the application of this document; the user must take
full responsibility.
© 2003 Avaya Inc. All Rights Reserved.
Avaya and the Avaya Logo are trademarks of Avaya Inc. or Avaya ECS Ltd., a wholly owned subsidiary
of Avaya Inc. and may be registered in the US and other jurisdictions. All trademarks identified by ® and
™ are registered trademarks or trademarks, respectively, of Avaya Inc. All other registered trademarks or
trademarks are property of their respective owners.
SM
NAT Tutorial and ACM 1.3 NAT Shuffling Feature
2
NAT Tutorial and
Avaya™ Communication Manager 1.3 NAT Shuffling Feature
Table of Contents
1 NAT and NAPT/PAT
1.1 Static 1-to-1 NAT
1.2 Dynamic Many-to-1 NAT
1.3 Dynamic Many-to-a-Pool NAT
1.4 Issues with NAT and H.323
2 Avaya Communication Manager 1.3 NAT Shuffling Feature
Scenario 1
Scenario 2
Scenario 3a
Scenario 3b
Scenario 3c
Scenario 4a
Scenario 4b
Scenario 5a
Scenario 5b
Scenario 5c
1 NAT and NAPT/PAT
Network address translation (NAT) is a function, typically in a router or firewall, by which an internal IP
address is translated to an external IP address. The terms “internal” and “external” are generic and
ambiguous, and they are more specifically defined by the application. For example, the most common
NAT application is to facilitate communication from hosts on private networks to hosts on the public
Internet. In this case the internal addresses are private addresses, and the external addresses are public
addresses.
[Figure: a NAT device sits between the private network and the public Internet. The private host 10.1.1.2 is translated to 135.9.17.5 when it communicates with www.google.com (216.239.39.99).]
The figure above shows the private address 10.1.1.2 being translated to the public address 135.9.17.5.
When the private network host makes a request to the public web server www.google.com, the request
appears to the server to be coming from 135.9.17.5. The server replies to 135.9.17.5, and the NAT device
(router or firewall) reverses the translation and forwards the reply to 10.1.1.2. Note that this scenario
does not utilize a web proxy server, which would be an entirely different scenario.
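NAT looks like this at the IP packet level.
[Figure: packets between the host 10.1.1.2 and www.google.com (216.239.39.99), as seen on each side of the NAT device.]
Private side of the NAT (host 10.1.1.2):
  Request:  Src: 10.1.1.2       Dst: 216.239.39.99   IP Payload
  Reply:    Src: 216.239.39.99  Dst: 10.1.1.2        IP Payload
Public side of the NAT (www.google.com, 216.239.39.99):
  Request:  Src: 135.9.17.5     Dst: 216.239.39.99   IP Payload
  Reply:    Src: 216.239.39.99  Dst: 135.9.17.5      IP Payload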
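The packet-level translation shown above, as an added example that is not part of the original application note: a static 1-to-1 NAT applied to raw IPv4 headers with the figure's addresses, including the header checksum update that any address rewrite requires. The function names and the sample packets are constructed for illustration.

```python
import ipaddress
import struct

# Static 1-to-1 map using the addresses from the figure above.
STATIC_MAP = {"10.1.1.2": "135.9.17.5"}           # internal -> external
REVERSE_MAP = {ext: inside for inside, ext in STATIC_MAP.items()}


def checksum(header: bytes) -> int:
    """IPv4 header checksum: one's-complement sum of 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Constructed minimal IPv4 packet (20-byte header, protocol 17 = UDP)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 17, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload


def addresses(packet: bytes) -> tuple[str, str]:
    """Return (source, destination) as dotted-quad strings."""
    return (str(ipaddress.IPv4Address(packet[12:16])),
            str(ipaddress.IPv4Address(packet[16:20])))


def translate(packet: bytes, outbound: bool) -> bytes:
    """Rewrite src (outbound) or dst (inbound); reject packets with no mapping."""
    ihl = (packet[0] & 0x0F) * 4
    offset, table = (12, STATIC_MAP) if outbound else (16, REVERSE_MAP)
    old = str(ipaddress.IPv4Address(packet[offset:offset + 4]))
    if old not in table:
        raise LookupError(f"no static NAT entry for {old}")
    hdr = bytearray(packet[:ihl])
    hdr[offset:offset + 4] = ipaddress.IPv4Address(table[old]).packed
    hdr[10:12] = b"\x00\x00"                      # zero the field before recomputing
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]              # IP payload is left untouched


def header_ok(packet: bytes) -> bool:
    """A valid header sums to zero when the checksum field is included."""
    return checksum(packet[:(packet[0] & 0x0F) * 4]) == 0
```

This sketch rewrites only the IP header; TCP and UDP checksums also cover the IP addresses, so a real NAT device updates those as well.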
Another common NAT application is for some VPN clients. The internal address in this case is the
physical address, and the external address is the virtual address.
[Figure: a laptop with physical address 192.168.1.3 and virtual address 10.9.1.85 connects through a VPN tunnel across the public Internet to the VPN gateway on the enterprise network, reaching the enterprise server 10.16.2.100. NAT on the laptop translates 192.168.1.3 to 10.9.1.85.]
In the figure above the laptop has a physical address of 192.168.1.3. This could be the address given by
the broadband (DSL, cable, etc.) service provider, or it could be a private small-office/home-office
(SOHO) network address. This address does not necessarily have to be a private address as shown here,
as the subscriber could pay for a public address from the broadband service provider. But regardless of
the nature of the physical address, the point is that it cannot be used to communicate back to the enterprise
through a VPN tunnel. Once the tunnel is established, the enterprise VPN gateway assigns a virtual
address to the VPN client application on the laptop. This virtual address is part of the enterprise IP
address space, and it must be used to communicate back to the enterprise.
The application of the virtual address varies among VPN clients. Some VPN clients integrate with the
operating system in such a way that packets from IP applications (e.g., FTP, telnet) on the laptop are
sourced from the virtual IP address. That is, the IP applications inherently use the virtual IP address.
With other VPN clients this does not occur. Instead, the IP applications on the laptop inherently use the
physical IP address, and the VPN client performs a NAT to the virtual IP address. In this case the VPN
client translates the physical address 192.168.1.3 to the virtual address 10.9.1.85.
This NAT is no different than if a router or firewall had done the translation. All requests coming from
the laptop appear to the enterprise server to be coming from 10.9.1.85. The server replies to 10.9.1.85,
and the VPN gateway forwards the replies through the tunnel to the VPN client, which then translates the
destination address back to 192.168.1.3.
There are three main types of NAT, and each one is covered below.
1.1 Static 1-to-1 NAT
Static 1-to-1 NAT is what has already been covered up to this point. For every internal address there is an
external address, with a static 1-to-1 mapping between internal and external addresses. It is the simplest
yet least efficient type of NAT, in terms of address preservation, because every internal host requires an
external IP address. This limitation is often impractical when the external addresses are public IP
addresses. Sometimes the primary reason for using NAT is to preserve public IP addresses, and for this
case there are two other types of NAT: many-to-1 and many-to-a-pool.