Prestige 2000W_V2 User’s Guide

Figure 22 Full Cone NAT Example

12.11.2.2 Restricted Cone NAT

As in full cone NAT, a restricted cone NAT router maps all outgoing packets from an internal IP address and port to a single IP address and port on the external network. In the following example, the NAT router maps the source address of all packets sent from internal IP address 1 and port A to IP address 2 and port B on the external network.

The difference from full cone NAT is in how the restricted cone NAT router handles packets coming in from the external network. A host on the external network (IP address 3 or IP address 4 for example) can only send packets to the internal host if the internal host has already sent a packet to the external host’s IP address.

A Prestige with IP address 1 and port A sends packets to IP address 3 and IP address 4. The NAT router changes the Prestige’s IP address to 2 and port to B.

Both 4, D and 4, E can send packets to 2, B since 1, A has already sent packets to 4. The NAT router will perform NAT on the packets from 4, D and 4, E and send them to the Prestige at IP address 1, port A. Packets have not been sent from 1, A to 3 or 5, so 3 and 5 cannot send packets to 1, A.

Figure 23 Restricted Cone NAT Example
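
The filtering rule described above, as an added Python sketch (not taken from the ZyXEL guide or firmware). It replays the last paragraph's case, where 1, A has sent packets to 4 only. The class name, the port pool, and port F for host 5 are constructed for illustration; the `full_cone` flag is there only to contrast with full cone NAT, which forwards packets from any external host once a mapping exists.

```python
from dataclasses import dataclass, field


@dataclass
class ConeNat:
    """Toy model of the NAT router in the example (hypothetical class, not ZyXEL code)."""
    external_ip: str
    free_ports: list                                 # external ports the router may assign
    by_internal: dict = field(default_factory=dict)  # (ip, port) inside -> external port
    by_external: dict = field(default_factory=dict)  # external port -> (ip, port) inside
    contacted: dict = field(default_factory=dict)    # external port -> remote IPs sent to

    def outbound(self, src, dst):
        """Internal src=(ip, port) sends to dst=(ip, port); returns the translated source."""
        if src not in self.by_internal:              # one mapping per internal ip+port
            port = self.free_ports.pop(0)
            self.by_internal[src] = port
            self.by_external[port] = src
            self.contacted[port] = set()
        port = self.by_internal[src]
        self.contacted[port].add(dst[0])             # only the remote IP is remembered
        return (self.external_ip, port)

    def inbound(self, src, dst_port, full_cone=False):
        """External src=(ip, port) sends to external_ip:dst_port.
        Returns the internal (ip, port) it is forwarded to, or None if dropped."""
        internal = self.by_external.get(dst_port)
        if internal is None:
            return None                              # no mapping exists for that port
        if full_cone or src[0] in self.contacted[dst_port]:
            return internal                          # restricted cone: sender IP must match
        return None


def page_example():
    """Replay the last paragraph: 1, A has sent packets to 4 only."""
    nat = ConeNat(external_ip="2", free_ports=["B"])
    translated = nat.outbound(("1", "A"), ("4", "D"))
    return {
        "translated": translated,
        "from 4,D": nat.inbound(("4", "D"), "B"),
        "from 4,E": nat.inbound(("4", "E"), "B"),
        "from 5,F": nat.inbound(("5", "F"), "B"),    # port F is constructed
        "from 5,F full cone": nat.inbound(("5", "F"), "B", full_cone=True),
    }


if __name__ == "__main__":
    for name, result in page_example().items():
        print(name, "->", result)
```

Because the filter keys on the remote IP address only, any source port on host 4 is accepted once 1, A has sent a single packet to 4.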


Chapter 12 User Web Configurator Screens
