On inbound packets, in response, all External NAT destination IP addresses {198.41.9.219}
are changed to Internal NAT IP addresses {10.5.3.10}.
The NAT Session, which was created by the outbound IP packet from the NAT Network, is
what allows this translation to take place.
NAT Sessions can be displayed in the Command Line interface with the command show nat
sessions.
Nat_2220> show nat sessions
Active Map                       Remote              Proto   Hashes
------------------------------   -----------------   -----   -------
10.5.3.10:0 -> 198.41.9.219:0    128.138.240.11:0    ICMP    221/909
A NAT Session stores the three IP addresses as two pairs of IP addresses (or "hashes"): the
hash of the "Remote" IP address and the "External NAT" address (the "Mapped Hash"), and the
hash of the "Remote" IP address and the "Internal NAT" address. It also stores the Application
Protocol of the IP session which established the NAT Session (in this case, ICMP) (see Table
1).
Table 1
(The External or MAPPED "Hash")
128.138.240.11:0 198.41.9.219:0
|
|
{Protocol = ICMP}−−>+ <<=======================>> The "NAT SESSION"
|
|
198.138.240.11:0 10.5.3.10:0
(The Internal "Hash")
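The session behaviour described above, modelled as an added example (not code from the original document or from the router's firmware). It assumes a fixed one-to-one address mapping, omits the ":0" port field, and assumes that an inbound packet with no matching session is dropped; the class and function names are hypothetical.

```python
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str

class NatRouter:
    """Model of the NAT Session table described above (ports omitted)."""

    def __init__(self, static_map):
        # Assumption: fixed one-to-one internal -> external address mapping.
        self.static_map = dict(static_map)
        self.mapped_hash = {}    # (remote, external, proto) -> internal
        self.internal_hash = {}  # (remote, internal, proto) -> external

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """From the NAT Network: rewrite the source, create the session."""
        key = (pkt.dst, pkt.src, pkt.proto)
        external = self.internal_hash.get(key) or self.static_map.get(pkt.src)
        if external is None:
            return None  # host has no external address configured
        self.internal_hash[key] = external
        self.mapped_hash[(pkt.dst, external, pkt.proto)] = pkt.src
        return Packet(external, pkt.dst, pkt.proto)  # remote address untouched

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """From outside: rewrite the destination only if a session exists."""
        internal = self.mapped_hash.get((pkt.src, pkt.dst, pkt.proto))
        if internal is None:
            return None  # assumption: no session means the packet is dropped
        return Packet(pkt.src, internal, pkt.proto)  # remote address untouched

def demo():
    nat = NatRouter({"10.5.3.10": "198.41.9.219"})
    # Inbound packet before any outbound traffic: no session exists yet.
    early = nat.inbound(Packet("128.138.240.11", "198.41.9.219", "ICMP"))
    out = nat.outbound(Packet("10.5.3.10", "128.138.240.11", "ICMP"))
    reply = nat.inbound(Packet("128.138.240.11", "198.41.9.219", "ICMP"))
    # Different remote host (constructed address): no matching session.
    stray = nat.inbound(Packet("192.0.2.7", "198.41.9.219", "ICMP"))
    return early, out, reply, stray

if __name__ == "__main__":
    for label, pkt in zip(("early", "out", "reply", "stray"), demo()):
        print(label, pkt)
```

Only the reply from 128.138.240.11 is translated back to 10.5.3.10, because only that remote address appears in a Mapped Hash created by outbound traffic.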
The details of the NAT functionality for the MicroRouter 2220R NAT Router of Figure 1
and Table 1 are shown in Table 2.
Table 2
External Network   NAT Router                                  NAT Network
IP Addresses       IP Addresses                                IP Addresses
================   =========================================   ===============
                   External          Gateway      Internal
                   Range(s)          Address      Range
                   --------------    --------     --------
'Global' IP        198.41.9.194      10.5.3.1     10.5.3.0     10.5.3.2 to
Addresses          & 198.41.9.219                              10.5.3.30
Once again, note that the remote Internet IP address, be it a source or destination address, is
never changed. The processes on the outside never really "know" the address(es) of the
processes communicating with them through the NAT Router.
The External Range term shown in Table 2 could be confusing. It is not the address or
addresses to which the processes inside the NAT Network are communicating, as the name
might imply. The External Range(s) is (are) the IP address(es) the NAT algorithm is using to
allow outside processes to communicate with the IP addresses in the NAT Network through
the External NAT Port. The internal processes only route their IP packets through the NAT
Router Gateway address(es) on the Gateway's Internal NAT Port(s). They address their
packets to the outside IP addresses, not the Gateway Address. This is important to note