Nortel 4134 用户指南
28
Firewall and NAT Fundamentals
•
IRC - MIRC
•
AOL Instant Messenger
•
AOL enhanced chat
•
ICQ2000b
•
Net2Phone
•
Microsoft Instant Messenger
Security related
•
PPTP
•
IPsec ESP (IPsec client from internal network)
•
IKE
•
L2TP
•
GRE
SIP ALG interoperability with Nortel MCS clients
The SR4134 firewall supports a SIP ALG that enables Nortel MCS Clients,
in tandem with the MCS 5100 Server, to complete calls via application-level
address translation. It also dynamically opens the necessary pinholes for
media traffic to traverse the firewall.
in tandem with the MCS 5100 Server, to complete calls via application-level
address translation. It also dynamically opens the necessary pinholes for
media traffic to traverse the firewall.
For more details refer to
.
NAT Overview
Network Address Translation (NAT) gives ports on a private network access
to the Internet using one or more globally unique IP addresses.
to the Internet using one or more globally unique IP addresses.
NAT contains a pool of available global addresses that are continually
reused. It allows a network to use one set of network addresses internally
and a different set when dealing with external networks. Internal network
addresses are allocated according to internal considerations of the network.
Global addresses must remain unique to distinguish between different
hosts. When a packet is routed, NAT replaces the internal corporate
address with a global address. As soon as the application session is over,
the global address is returned to the pool and can be used by subsequent
connections. NAT can also modify the source and destination port numbers.
reused. It allows a network to use one set of network addresses internally
and a different set when dealing with external networks. Internal network
addresses are allocated according to internal considerations of the network.
Global addresses must remain unique to distinguish between different
hosts. When a packet is routed, NAT replaces the internal corporate
address with a global address. As soon as the application session is over,
the global address is returned to the pool and can be used by subsequent
connections. NAT can also modify the source and destination port numbers.
Network Address Translation (NAT) can be applied on a per policy basis.
With policy-based NAT, traffic is translated only when it matches the
configured firewall policy as opposed to being applied to all traffic going
out an interface.
With policy-based NAT, traffic is translated only when it matches the
configured firewall policy as opposed to being applied to all traffic going
out an interface.
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600
01.02
Standard
10.0
3 August 2007
Copyright © 2007, Nortel Networks
.