
7.3.2.1 Full Cone NAT
In full cone NAT, the NAT router maps all outgoing packets from an internal IP address and port to a single IP address and port on the external network. The NAT router also maps packets coming to that external IP address and port to the internal IP address and port.
In the following example, the NAT router maps the source address of all packets sent from the Prestige’s internal IP address 1 and port A to IP address 2 and port B on the external network. The NAT router also performs NAT on all incoming packets sent to IP address 2 and port B and sends them to IP address 1, port A.
Figure 32 Full Cone NAT Example
7.3.2.2 Restricted Cone NAT
As in full cone NAT, a restricted cone NAT router maps all outgoing packets from an internal IP address and port to a single IP address and port on the external network. In the following example, the NAT router maps the source address of all packets sent from internal IP address 1 and port A to IP address 2 and port B on the external network.
The difference from full cone NAT is in how the restricted cone NAT router handles packets coming in from the external network. A host on the external network (IP address 3 or IP address 4, for example) can only send packets to the internal host if the internal host has already sent a packet to the external host's IP address.
A Prestige with IP address 1 and port A sends packets to IP address 3 and IP address 4. The NAT router changes the Prestige’s IP address to 2 and port to B.
Both 4, D and 4, E can send packets to 2, B since 1, A has already sent packets to 4. The NAT router will perform NAT on the packets from 4, D and 4, E and send them to the Prestige at IP address 1, port A. Packets have not been sent from 1, A to 3 or 5, so 3 and 5 cannot send packets to 1, A.
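The two inbound rules described in sections 7.3.2.1 and 7.3.2.2 can be compared side by side in a small model. This is an added illustration, not code from the Prestige firmware or its documentation. The class and function names are hypothetical, the scenario is constructed so that 1, A has sent packets only to IP address 4, and the port label F for IP address 5 is an assumption.

```python
# Added illustration: a minimal model of cone NAT inbound filtering.
# Endpoints are (ip, port) tuples using the labels from the text above.

class ConeNat:
    def __init__(self, external_ip, port_pool, restricted):
        self.external_ip = external_ip
        self.port_pool = list(port_pool)   # external ports still free
        self.restricted = restricted       # False = full cone
        self.out_map = {}                  # internal endpoint -> external endpoint
        self.in_map = {}                   # external endpoint -> internal endpoint
        self.contacted = {}                # external endpoint -> remote IPs contacted

    def outbound(self, internal, remote):
        """Translate an outgoing packet; return the external source endpoint."""
        if internal not in self.out_map:
            external = (self.external_ip, self.port_pool.pop(0))
            self.out_map[internal] = external
            self.in_map[external] = internal
            self.contacted[external] = set()
        external = self.out_map[internal]
        self.contacted[external].add(remote[0])    # only the remote IP is remembered
        return external

    def inbound(self, remote, external):
        """Return the internal endpoint to deliver to, or None to drop."""
        internal = self.in_map.get(external)
        if internal is None:
            return None                            # no mapping exists yet
        if self.restricted and remote[0] not in self.contacted[external]:
            return None                            # remote IP was never contacted
        return internal


def demo(restricted):
    # Constructed scenario: 1, A sends one packet to IP address 4 only.
    nat = ConeNat("2", ["B"], restricted)
    nat.outbound(("1", "A"), ("4", "D"))
    senders = [("4", "D"), ("4", "E"), ("5", "F")]  # port F is an assumed label
    return {s: nat.inbound(s, ("2", "B")) for s in senders}


if __name__ == "__main__":
    for mode in (False, True):
        print("restricted cone" if mode else "full cone", demo(mode))
```

In the full cone run, the packet from IP address 5 is delivered to 1, A even though the internal host never contacted it, which is the exposure that restricted cone NAT removes.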
Chapter 7 Introduction to VoIP | 96 |