Avaya 3.7 About NAT types for VPNos 3.X

Setting up the network

88 Avaya VPNmanager Configuration Guide Release 3.7

About NAT types for VPNos 3.X

For VPNos 3.X, you can set the following types of NAT mapping on the VSU.

●Static Mapping – Addresses from one network are permanently mapped to addresses on

another network. Static mapping works when traffic is initiated either inside or outside of

the private network.

●Dynamic Mapping – Addresses from one network are temporarily mapped to an address

from another network. When traffic is initiated from a client on the private network, its

address is temporarily mapped to an address selected from a pool of public addresses.

When the client traffic is idle for a specified period of time, the mapped address is returned

to the pool of available addresses. When all public addresses have been assigned, no other

private clients can initiate traffic until a public address becomes available.

Dynamic mapping works only for connections initiated from the private network.

●Port Mapping – This option is similar to dynamic mapping except that only one public IP

address is required. The security gateway maps every packet from the private network to

the public IP address and a source port selected from a predefined range of TCP and UDP

port numbers. When traffic is initiated from a client on the private network it is dynamically

mapped to the public IP address and an available port number.

When the client traffic is idle for a specified period of time, the port number is returned to the

pool of available port numbers. When all port numbers have been allocated, no other

private clients can initiate traffic until a port number becomes available.

Port mapping works only for connections initiated from the private network. In addition, port

mapping works only for TCP and UDP traffic.

Network administrators may choose to use the NAT mechanism for any of the following

reasons:

●Allow access to the Internet from private networks. Networks which are assigned

private addresses, such as 10.0.0.0 (RFC 1918), or addresses that have not been

registered must be mapped to public addresses to allow users access to the Internet.

●Provide support for more hosts with fewer public addresses. Address mapping allows

network administrators to increase the number of hosts that can access the Internet

without needing additional registered network addresses.

●Hide host addresses for security reasons. Network administrators may choose to use

address mapping to hide actual host addresses from the public.

●Set up VPNs that include overlapping private addresses. Address mapping allows

network administrators to set up VPNs between two sites that use the same private

network addresses. For example, both sites may be using 10.0.0.0 private network

addresses.