Using Device tabs to configure the security gateway
Issue 4 May 2005 85
Policies tab, NAT services
Network Address Translation (NAT) is an Internet standard that allows private (nonroutable)
networks to connect to public (routable) networks. To connect private networks and public
networks, address mapping is performed on a security gateway that is located between the
private network and the public network.
Note: Beginning with the VPNmanager 3.2 and the VPNos 4.2 releases, the
VPNremote Client 4.1 is supported behind a NAT device (DSL or Broadband
Router).

About NAT types for VPNos 4.31

Beginning with VPNos 4.31, you can set the following three types of NAT mapping on the
security gateway:
Static NAT. With Static NAT, addresses from one network are permanently mapped to
addresses on another network. One private IP address can be translated to one public IP
address. Static NAT is bidirectional: for outgoing packets, Static NAT translates the
source IP address of the packets, and for incoming packets, Static NAT translates the
destination address of the packets. You must specify both the original address and the
translated address to configure Static NAT.
Port NAT. With Port NAT, addresses from internal, nonroutable networks are translated to
one routable address. Port numbers, in the case of TCP/UDP packets, and
sequence numbers and IDs, in the case of ICMP packets, are used to create unique
channels. Port NAT is unidirectional. That is, Port NAT translates only outgoing packets
and not incoming, but it does translate the replies. On the way out, the source address of
the packet is translated. For the replies, the destination address is translated back. You
can choose from predefined network objects or user-defined network objects, or you can
specify the IP address and the Mask for the original address. You must specify the IP
address and the port ranges for the translated address. The port ranges must fall within
the range from 5000 to 65535.
Note: When using Port NAT, the ESP trailer must be configured in the VPN IPSec
parameters.
Port Redirection. With port redirection, traffic to a specific address and a specific
port is redirected to another address and port. Port redirection translates the destination
address of an incoming packet and the source address of the reply. You must specify the
from address, the to address, and the port number.
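The following Python model is an added example, not VPNos code or configuration syntax. It shows how the three mapping types differ in which direction they translate, and therefore which private hosts an unsolicited packet from the public side can reach. The class name NatModel, its parameters, and all addresses are assumptions made for illustration; it tracks only addresses and ports, not ICMP IDs or remote peers.

```python
import ipaddress

PORT_MIN, PORT_MAX = 5000, 65535  # allowed Port NAT range per the text above

class NatModel:
    """Hypothetical model of the three mapping types; not VPNos code."""

    def __init__(self, static, pnat_net, pnat_ip, pnat_ports, redirects):
        lo, hi = pnat_ports
        if not PORT_MIN <= lo <= hi <= PORT_MAX:
            raise ValueError("Port NAT ports must be within 5000-65535")
        self.static = dict(static)                      # private IP -> public IP
        self.static_rev = {pub: prv for prv, pub in self.static.items()}
        self.redirects = dict(redirects)                # (from IP, port) -> (to IP, port)
        self.redirects_rev = {to: frm for frm, to in self.redirects.items()}
        self.pnat_net = ipaddress.ip_network(pnat_net)
        self.pnat_ip = pnat_ip
        self.free_ports = iter(range(lo, hi + 1))
        self.channels, self.channels_rev = {}, {}       # Port NAT state

    def outbound(self, src_ip, src_port):
        """Translate the source of a packet leaving the private network."""
        src = (src_ip, src_port)
        if src in self.redirects_rev:                   # reply from a redirected service
            return self.redirects_rev[src]
        if src_ip in self.static:                       # Static NAT, outgoing direction
            return self.static[src_ip], src_port
        if ipaddress.ip_address(src_ip) in self.pnat_net:
            if src not in self.channels:                # new channel: allocate a port
                port = next(self.free_ports, None)
                if port is None:
                    raise RuntimeError("Port NAT range exhausted")
                self.channels[src] = (self.pnat_ip, port)
                self.channels_rev[(self.pnat_ip, port)] = src
            return self.channels[src]
        return src                                      # no rule: untranslated

    def inbound(self, dst_ip, dst_port):
        """Translate the destination of an arriving packet; None if no mapping."""
        dst = (dst_ip, dst_port)
        if dst in self.redirects:                       # Port Redirection
            return self.redirects[dst]
        if dst_ip in self.static_rev:                   # Static NAT, incoming direction
            return self.static_rev[dst_ip], dst_port
        return self.channels_rev.get(dst)               # Port NAT: replies only

# Constructed sample configuration (RFC 1918 and documentation addresses).
gw = NatModel(static={"10.0.0.10": "203.0.113.10"},
              pnat_net="10.0.1.0/24", pnat_ip="203.0.113.1", pnat_ports=(5000, 5001),
              redirects={("203.0.113.1", 8080): ("10.0.2.5", 80)})
```

In this model a Static NAT entry exposes every port of the private host to inbound traffic and a redirection exposes exactly one, while a Port NAT host is reachable only through a channel it opened itself, which is the distinction to keep in mind when reviewing a gateway's NAT rules alongside its firewall policy.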
By default, NAT is enabled, and the Share public address to reach the internet feature is
selected. NAT affects only clear traffic.