Patton electronic SmartNode 4110 Series ユーザーズマニュアル
Introduction
135
SmartWare Software Configuration Guide
11 • NAT/NAPT configuration
Dynamic NAT is particularly useful for protocols that do not build on UDP or TCP but directly on IP (e.g.
GRE, ESP). See also section
GRE, ESP). See also section
Figure 19. Dynamic NAT
Static NAT
Dynamic NAT does not permit hosts on the global network to access hosts on the local network. Static NAT
makes local hosts globally accessible. Static NAT entries map global addresses to local addresses. The global
address must be a configured global NAT address. It cannot be the address of the global interface since this
would break connectivity to the SmartNode itself.
makes local hosts globally accessible. Static NAT entries map global addresses to local addresses. The global
address must be a configured global NAT address. It cannot be the address of the global interface since this
would break connectivity to the SmartNode itself.
Static NAT is particularly useful for protocols that do not build on UDP or TCP but directly on IP (e.g. GRE,
ESP). See also section
ESP). See also section
Figure 20. Static NAT
NAPT traversal
Protocols that do not build on UDP or TCP but directly on IP (e.g. GRE, ESP), and protocols that open addi-
tional connections unknown to the NAT/NAPT component (e.g. FTP, H.323, SIP), do not easily traverse
a NAPT.
tional connections unknown to the NAT/NAPT component (e.g. FTP, H.323, SIP), do not easily traverse
a NAPT.
The SmartWare NAPT can handle one GRE (Generic Routing Encapsulation) connection and one ESP
(Encapsulating Security Payload) connection at a time. It also routes ICMP messages back to the source of the
concerned connection or to the source of an ICMP Ping message.
(Encapsulating Security Payload) connection at a time. It also routes ICMP messages back to the source of the
concerned connection or to the source of an ICMP Ping message.
To enable NAPT traversal of protocols that open additional connections, the NAPT component must analyze
these protocols at the Application Level in order to understand which NAPT entries for additional connections
these protocols at the Application Level in order to understand which NAPT entries for additional connections
131.1.1.1 (Global Interface Address)
131.1.1.20 (Global NAT Address)
131.1.1.20 (Global NAT Address)
WAN
192.168.1.40
131.1.1.20
Source Address modified
Destination Address modified
LAN
(Local Interface Address) 192.168.1.1
131.1.1.1 (Global Interface Address)
131.1.1.20 (Global NAT Address)
131.1.1.20 (Global NAT Address)
WAN
192.168.1.40
131.1.1.20
Source Address modified
Destination Address modified
LAN
(Local Interface Address) 192.168.1.1