Linksys SPA932 Network Address Translation and SPA9x2 Phones, Introducing Linksys SPA9x2 Phones

Introducing Linksys SPA9x2 Phones

Network Address Translation and SPA9x2 Phones

If security is not a concern, you can disable stateful packet inspection (SPI) on your firewall (if you have it). SPI allows a firewall to be aware of a packet’s state; only recently-sent requests are allowed into the network.

UserC

Network Address Translation and SPA9x2 Phones

In a typical application of network address translation (NAT), all devices in a subscriber network access the Internet through a router with a single public IP address. The IP address is assigned by a service provider. The IP header of the packets sent from the private network to the public network is substituted by NAT with the public IP address and a port assigned by the router. The receiver of the packets on the public network sees the packets as coming from the external address instead of the private address of the device.

You can implement NAT in three ways:

•Full cone NAT (one-to-one NAT)— All requests from the same internal IP address and port are mapped to the same external IP address and port. An external host can send a packet to the internal host by sending a packet to the mapped external address

•Restricted cone NAT—All requests from the same internal IP address and port are mapped to the same external IP address and port. Unlike a full cone NAT, an external host cannot send a packet to the internal host unless the internal host previously sent a packet to it.

•Port-restricted cone NAT (symmetric NAT)—Similar to restricted cone NAT, but the restriction includes port numbers. An external host can send a packet to a particular port on the internal host only if the internal host previously sent a user datagram protocol (UDP) packet from that port to the external host. UDP is a connectionless messaging protocol for delivery of data packets.

See the following topics:

•”Routers and Service Provider Support of NAT” section on page 12