C H A P T E R 9
Topology Hiding
The Integrated Session Border Controller (SBC) for the Cisco ASR 1000 Series Routers has a primary purpose in protecting the network and providing seamless interworking functions. The SBC can protect the network by hiding the network addresses and names for both the access (customer) side and the backbone (network core) side. The SBC also provides network protection for firewalls or home gateway users with private addresses.
When a user connects to the outside network, its IP address and port needs to be properly translated to protect its identity. The data border element (DBE) performs translation of IP addresses and port numbers via Network Address and Port Translation (NAPT) and Network Address Translation (NAT) Traversal functions in both directions.
The DBE implementation supports the H.248 NAPT package, the IP NAT Traversal Package, and the ETSI TS 102 333 specification for NAT Traversal, but only one package can be active. Latch and Relatch functions of the NAT Traversal are supported by the IP NAT Traversal package. Support for these packages help protect IP addresses of the endpoints going across the other side of the network.
The NAPT implementations on the DBE described in more detail in this chapter are summarized below:
•IPv4 Twice
•IPv6 Single NAPT for signaling
•IPv6 No NAPT for media
For a complete description of commands used in this chapter, see the Cisco IOS Integrated Session Border Controller Command Reference.
Contents
•NAPT and NAT Traversal, page
•IP NAPT Traversal Package and Latch and Relatch Support, page
•IPv4 Twice NAPT, page
•IPv6
•IPv6 Support, page
•No NAPT Pinholes, page
Cisco IOS XE Integrated Session Border Controller Configuration Guide for the Cisco ASR 1000 Series Aggregation Services Routers
|
| ||
|
|
