Chapter 7: Routing and WAN connections LANCOM Reference Manual LCOS 3.50
81
Routing and WAN
connections
In the first application the so-called N:1 NAT, also known as IP masquerading
(’The hiding place—IP masquerading (NAT, PAT)’ page74) is used. All
addresses (“N”) of the local network are mapped to only one (“1”) public
address. This clear assignment of data streams to the respective internal PCs
is generally made available by the ports of the TCP and UDP protocols. That’s
why this is also called NAT/PAT (Network Address Translation/Port Address
Translation).
Due to the dynamic assignment of ports, N:1 masquerading enables only
those connections, which have been initiated by the internal network. Excep-
tion: an internal IP address is staticly exposed on a certain port, e.g. to make
a LAN server accessible from the outside. This process is called “inverse mas-
querading” (’Inverse masquerading’ page78).
A N:N mapping is used for network couplings with identical address ranges.
This transforms unambiguously multiple addresses (“N”) of the local network
to multiple (“N”) addresses of another network. Thereby, an address conflict
can be resolved.
Rules for this address translation are defined in a static table in the LANCOM.
Thereby new addresses are assigned to single stations, parts of the network,
or the entire LAN, by which the stations can contact other networks then.
Some protocols (FTP, H.323) exchange parameters during their protocol nego-
tiation, which can have influence on the address translation for the N:N map-
ping. For a correct functioning of the address translation, the connection
information of these protocols are tracked appropriately by functions of the
firewall in a dynamic table, and are additionally considered to the entries of
the static table.
The address translation is made “outbound”, i.e. the source address is
translated for outgoing data packets and the destination address for
incoming data packets, as long as the addresses are located within
the defined translation range. An “inbound” address mapping,
whereby the source address is translated (instead of the destination
address), needs to be realized by an appropriate “outbound” address
translation on the remote side.
7.4.1 Application examples
The following typical applications are described in this section:
Coupling of private networks utilizing the same address range
Central remote monitoring by service providers