Routing and WAN connections
426
11.9
N:N mapping
BAT54-Rail/F..
Release
7.54
06/08
Some protocols (FTP, H.323) exchange parameters during their protocol ne-
gotiation, which can have influence on the address translation for the N:N
mapping. For a correct functioning of the address translation, the connection
information of these protocols are tracked appropriately by functions of the
firewall in a dynamic table, and are additionally considered to the entries of
the static table.
Note: The address translation is made “outbound”, i.e. the source address is
translated for outgoing data packets and the destination address for in-
coming data packets, as long as the addresses are located within the de-
fined translation range. An “inbound” address mapping, whereby the
source address is translated (instead of the destination address), needs
to be realized by an appropriate “outbound” address translation on the re-
mote side.
11.9.1 Application examples
The following typical applications are described in this section:
D Coupling of private networks utilizing the same address range
D Central remote monitoring by service providers
U Network coupling
An often appearing scenario is the coupling of two company networks which
internally use the same address range (e. g. 10.0.0.x). This is often the case,
when one company should get access to one (or more) server(s) of the other
one:
N:N mapping to 192.168.1.x
N:N mapping to 192.168.2.x
Gateway
Gateway
Server_A1: 10.0.0.1
Server_A2: 10.0.0.2
Server_B1: 10.0.0.1
Server_B2: 10.0.0.2
VPN tunnel
Target: 192.168.2.1
Network of firm A:
10.0.0.x
Network of firm B:
10.0.0.x
To Next Page
Loading...
