ZyXEL Communications P2000W User Manual

P-2000W_V2 User’s Guide
Chapter 12 User Web Configurator Screens
12.11.2.3  Port Restricted Cone NAT
As in full cone NAT, a port restricted cone NAT router maps all outgoing packets from an 
internal IP address and port to a single IP address and port on the external network. In the 
following example, the NAT router maps the source address of all packets sent from internal 
IP address 1 and port A to IP address 2 and port B on the external network. 
The difference from full cone and restricted cone NAT is in how the port restricted cone NAT 
router handles packets coming in from the external network. A host on the external network 
(IP address 3 and Port C for example) can only send packets to the internal host if the internal 
host has already sent a packet to the external host’s IP address and port. 
A Prestige with IP address 1 and port A sends packets to IP address 3, port C and IP address 4, 
port D. The NAT router changes the Prestige’s IP address to 2 and port to B.
Since 1A has already sent packets to 3C and 4D, they can send packets back to 2B and the 
NAT router will perform NAT on them and send them to the Prestige at IP address 1, port A.
Packets have not been sent from 1A to 4E or 5, so they cannot send packets to 1A.
Figure 24   Port Restricted Cone NAT Example
12.11.2.4  Symmetric NAT
The full, restricted and port restricted cone NAT types use the same mapping for an outgoing 
packet’s source address regardless of the destination IP address and port. In symmetric NAT, 
the mapping of an outgoing packet’s source address to a source address in another network is 
different for each different destination IP address and port. 
In the following example, the NAT router maps the Prestige’s source address IP address 1 and 
port A to IP address 2 and port B on the external network for packets sent to IP address 3 and 
port C. The NAT router uses a different mapping (IP address 2 and port M) when the Prestige 
sends packets to IP address 4 and port D.
A host on the external network (IP address 3 and port C for example) can only send packets to 
the internal host via the external IP address and port that the NAT router used in sending a 
packet to the external host’s IP address and port. So in the example, only 3, C is allowed to 
send packets to 2, B and only 4, D is allowed to send packets to 2, M.
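The inbound filtering rules of port restricted cone NAT and symmetric NAT, as an added example that is not part of the ZyXEL guide: a toy Python model that uses the labels from the two examples above (Prestige at 1A, external address 2, remote hosts 3C and 4D). The class `Nat`, the function `demo` and the pool of spare external port labels are assumptions made for illustration.

```python
class Nat:
    """Toy model of the mapping and inbound filtering described above."""

    def __init__(self, external_ip, symmetric, ports=("B", "M", "N", "O")):
        self.external_ip = external_ip
        self.symmetric = symmetric
        self.free_ports = list(ports)  # constructed pool of external port labels
        self.mappings = {}             # mapping key -> external (ip, port)
        self.allowed = {}              # external (ip, port) -> {remote: internal}

    def outbound(self, src, dst):
        # Cone NAT keys the mapping on the internal endpoint only;
        # symmetric NAT keys it on (internal endpoint, destination).
        key = (src, dst) if self.symmetric else src
        if key not in self.mappings:
            self.mappings[key] = (self.external_ip, self.free_ports.pop(0))
        ext = self.mappings[key]
        # Record the exact remote IP address and port that was contacted.
        self.allowed.setdefault(ext, {})[dst] = src
        return ext

    def inbound(self, remote, ext):
        # Forward only if this exact remote endpoint was contacted via ext;
        # otherwise return None (packet dropped).
        return self.allowed.get(ext, {}).get(remote)


def demo():
    """Replay both examples from the text and collect the outcomes."""
    prestige = ("1", "A")
    results = {}
    for name, symmetric in (("port_restricted", False), ("symmetric", True)):
        nat = Nat("2", symmetric)
        results[name] = {
            "mapping_3C": nat.outbound(prestige, ("3", "C")),
            "mapping_4D": nat.outbound(prestige, ("4", "D")),
            "3C->2B": nat.inbound(("3", "C"), ("2", "B")),
            "4D->2B": nat.inbound(("4", "D"), ("2", "B")),
            "4E->2B": nat.inbound(("4", "E"), ("2", "B")),
            "4D->2M": nat.inbound(("4", "D"), ("2", "M")),
        }
    return results


if __name__ == "__main__":
    for mode, outcome in demo().items():
        print(mode, outcome)
```

In the port restricted run both destinations share mapping 2B, while in the symmetric run 4D is reachable only through 2M, which is why a mapping learned by talking to one external host cannot be reused by another host behind symmetric NAT.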