- Enterasys Security Router User's Guide

IP Routing Protocols
5-26 Configuring IP
RTP_compression TX reached maximum allowed connections,
RTP compression received un-expected 8 bit CID
RTP compression received un-expected 16 bit CID
Received CID (mmm) exceeds the negotiated max CID nnn.
Network Address Translation
Network Address Translation (NAT) maps IP addresses from one address realm to another,
providing transparent routing to end hosts. Using NAT and Network Address Port Translation
(NAPT), the protocol provides a way for many users to share one global IP address. NAT also
enhances access security by allowing only certain global addresses to access the private network.
NAT is limited in some respects: it requires more processing in the fast path, which can impact
packet delivery speed. Also, applications that bundle the host IP address inside the payload do
not interoperate with NAT because that address no longer matches the address in the IP header.
A special translation agent known as an Application Level Gateway (ALG) is used to allow such
a program on a host in one address realm to connect transparently to its counterpart running on a
host in a different realm.
The XSR implements traditional NAT (RFC-3022). It has two forms:
• Static NAT - Hosts on the private network are mapped statically to global addresses. There are
  two kinds of basic NAT:
    • One-to-one mapping - Each host is supplied a one-to-one mapping, on the private network,
      to a global address. Hosts without mappings are not NATted.
    • Pool mapping - A pool of global addresses is defined. Hosts on the private network are
      mapped to global addresses on a first-come, first-served basis. Once a global address is
      selected, static mapping is performed. This NAT type is not supported at this time.
• NAPT - Both the source address and source port of hosts on the private network are
  translated. The global address is that of the egress interface. Hosts on the private network all
  share the same global address (based on the egress interface).
• Pool NAT -
• Pool NAT with Overload -
Features
The following NAT features are supported on the XSR:
• Static NAT - One-to-one mapping based on global (independent of interface) static mapping
  table. Mapping is permanent and is deleted only if the configuration is removed.
• Network Address Port Translation (NAPT).
• Standard and Extended Access Control Lists supported.
Note: Prioritization of packets passing from trusted to external interfaces for the XSR’s four basic
types of NAT is, in descending order:
• Interface Static NAT
• Global Static NAT
• Pool NAT
• NAPT
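
The following Python model is an added example, not XSR code or configuration. It shows static one-to-one NAT taking priority over NAPT on outbound packets, and how an address carried inside the payload (an FTP PORT command, chosen here as the illustration) stops matching the IP header unless an ALG rewrites it. The class and function names, the addresses and the ports are assumptions made for the example.

```python
# Added illustration of traditional NAT (RFC 3022); every address, port and
# the FTP payload used with it are constructed sample values.
import re
from dataclasses import dataclass, replace

PORT_RE = re.compile(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    payload: bytes = b""

def embedded_endpoint(payload):
    """Return the (address, port) an FTP PORT command carries, or None."""
    m = PORT_RE.search(payload)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

class Nat:
    def __init__(self, egress_ip, static_map, first_port=40000):
        self.egress_ip = egress_ip          # global address shared by NAPT hosts
        self.static_map = dict(static_map)  # private -> global, one-to-one
        self.napt = {}                      # (private ip, port) -> global port
        self.next_port = first_port

    def bind(self, ip, port):
        """Translate a private endpoint; static NAT outranks NAPT."""
        if ip in self.static_map:           # static NAT: address only
            return self.static_map[ip], port
        if (ip, port) not in self.napt:     # NAPT: address and port
            self.napt[(ip, port)] = self.next_port
            self.next_port += 1
        return self.egress_ip, self.napt[(ip, port)]

    def outbound(self, pkt, alg=False):
        ip, port = self.bind(pkt.src_ip, pkt.src_port)
        payload = pkt.payload
        inner = embedded_endpoint(payload)
        if alg and inner and inner[0] == pkt.src_ip:
            # ALG: rewrite the endpoint inside the payload to match the header.
            g_ip, g_port = self.bind(*inner)
            new = "PORT %s,%d,%d" % (g_ip.replace(".", ","), g_port >> 8, g_port & 255)
            payload = PORT_RE.sub(new.encode(), payload, count=1)
        return replace(pkt, src_ip=ip, src_port=port, payload=payload)
```

With `alg=False` the translated packet leaves with a global source address while the PORT command still advertises the private one, which is the interoperability failure described above. With `alg=True` the payload endpoint is given its own binding and rewritten to match.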