Avaya 3.7 User Manual

Using Device tabs to configure the security gateway
Issue 4 May 2005
Policies tab, NAT services
Network Address Translation (NAT) is an Internet standard that allows private (nonroutable) 
networks to connect to public (routable) networks. To connect private networks and public 
networks, address mapping is performed on a security gateway that is located between the 
private network and the public network.
Note:
Beginning with the VPNmanager 3.2 and the VPNos 4.2 releases, the 
VPNremote Client 4.1 is supported behind a NAT device (DSL or Broadband 
Router).
About NAT types for VPNos 4.31
Beginning with VPNos 4.31, you can set the following three types of NAT mapping on the 
security gateway:
Static NAT. With Static NAT, addresses from one network are permanently mapped to 
addresses on another network. One private IP address can be translated to one public IP 
address. Static NAT is bidirectional: for outgoing packets, Static NAT translates the 
source IP address of the packets, and for incoming packets, it translates the 
destination address of the packets. You must specify both the original address and the 
translated address to configure Static NAT.
Port NAT. With Port NAT, addresses from internal, nonroutable networks are translated to 
one routable address. Port numbers, in the case of TCP/UDP packets, and 
sequence numbers and IDs, in the case of ICMP packets, are used to create unique 
channels. Port NAT is unidirectional. That is, Port NAT translates only outgoing packets 
and not incoming, but it does translate the replies. On the way out, the source address of 
the packet is translated. For the replies, the destination address is translated back. You 
can choose from predefined network objects or user-defined network objects, or you can 
specify the IP address and the Mask for the original address. You must specify the IP 
address and the port ranges for the translated address. The port ranges must be in a 
range from 5000 to 65535.
Note:
When using Port NAT, the ESP trailer must be configured in the VPN IPSec 
parameters.
Port Redirection. With port redirection, addresses from a specific address and a specific 
port are redirected to another address and port. Port redirection translates the destination 
address of an incoming packet and the source address of the reply. You must specify the 
from address, the to address, and the port number.
By default, NAT is enabled, and the Share public address to reach the internet feature is 
selected. NAT affects only clear traffic.
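The direction rules of the three NAT types described above can be seen in a small model. This is an added example, not code from Avaya or VPNos; the class names, the packet tuple layout, the sample addresses, the channel lookup by translated port only, and the unchanged port in port redirection are assumptions made for illustration.

```python
# Added example: toy model of the three mapping types; not Avaya/VPNos code.
# Packets are (src_ip, src_port, dst_ip, dst_port); all addresses are constructed.
import ipaddress

class StaticNat:
    """One-to-one and bidirectional."""
    def __init__(self, original, translated):
        self.original, self.translated = original, translated
    def outbound(self, src, sport, dst, dport):   # source is translated
        return (self.translated if src == self.original else src, sport, dst, dport)
    def inbound(self, src, sport, dst, dport):    # destination is translated
        return (src, sport, self.original if dst == self.translated else dst, dport)

class PortNat:
    """Many-to-one and unidirectional: only replies are translated back."""
    def __init__(self, network, translated, port_lo, port_hi):
        if not 5000 <= port_lo <= port_hi <= 65535:   # range limit from the manual
            raise ValueError("translated port range must lie within 5000-65535")
        self.net, self.translated = ipaddress.ip_network(network), translated
        self.free = iter(range(port_lo, port_hi + 1))
        self.out, self.back = {}, {}   # (src, sport) -> port and port -> (src, sport)
    def outbound(self, src, sport, dst, dport):
        if ipaddress.ip_address(src) not in self.net:
            return (src, sport, dst, dport)
        if (src, sport) not in self.out:
            port = next(self.free)     # raises StopIteration when the range is used up
            self.out[(src, sport)], self.back[port] = port, (src, sport)
        return (self.translated, self.out[(src, sport)], dst, dport)
    def inbound(self, src, sport, dst, dport):
        # Assumption: a channel is keyed on the translated port alone (no peer check).
        if dst != self.translated or dport not in self.back:
            return None                # no channel: unsolicited packet is not translated
        return (src, sport) + self.back[dport]

class PortRedirect:
    """Rewrites the destination of incoming packets and the source of replies."""
    def __init__(self, from_addr, to_addr, port):   # assumption: port is unchanged
        self.from_addr, self.to_addr, self.port = from_addr, to_addr, port
    def inbound(self, src, sport, dst, dport):
        hit = (dst, dport) == (self.from_addr, self.port)
        return (src, sport, self.to_addr if hit else dst, dport)
    def reply(self, src, sport, dst, dport):
        hit = (src, sport) == (self.to_addr, self.port)
        return (self.from_addr if hit else src, sport, dst, dport)
```

The model covers TCP/UDP port channels only; the ICMP sequence number and ID channels mentioned for Port NAT are not modelled.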