NAT_S615
Entry ID: 109744660, V1.1, 08/2017
Siemens AG All rights reserved
3.1.3 NAT mechanisms
NAT
NAT (Network Address Translation) is a method of translating the IP addresses in data packets. It can be used to interconnect two different networks (internal and external). There are two types of NAT: source NAT, which translates the source IP address, and destination NAT, which translates the destination IP address.
IP masquerading
IP masquerading is a simplified form of source NAT. In each outgoing data packet sent via the interface on which masquerading is active, the source IP address is replaced with the IP address of that interface, and the adapted data packet is forwarded to the destination IP address. To the destination host, all requests appear to come from the same sender. The internal nodes cannot be accessed directly from the external network; using NAPT, the services of the internal nodes can be made accessible via the external IP address of the device. IP masquerading can be used if the internal IP addresses cannot or should not be routed externally, for example because the internal network structure is to remain hidden.
NAPT
NAPT (Network Address and Port Translation) is a form of destination NAT and is also called port forwarding. It can be used to make services of internal nodes that are hidden by IP masquerading or source NAT accessible from the outside. NAPT translates incoming data packets from the external network that are addressed to an external IP address of the device (destination IP address): the destination IP address is replaced with the IP address of the internal node. In addition to address translation, port translation is possible as well.
Source NAT
Like IP masquerading, source NAT translates the source IP address. In addition, the translation can be limited to certain outgoing data packets: to those with certain source IP addresses or IP address ranges and to those sent via certain interfaces. These rules can also be applied to VPN connections. Source NAT can be used if the internal IP addresses cannot or should not be routed externally.
NETMAP
With NETMAP, a complete subnet can be translated to a different subnet. The translation changes the subnet portion of the IP address and retains the host portion, so a single rule covers the whole subnet; achieving the same with destination NAT and source NAT would require many individual rules. NETMAP can translate both the source IP address and the destination IP address, and it can also be applied to VPN connections.
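As an added example that is not part of the manual, the following Python models the NETMAP translation described above: one rule maps every address of a subnet to the corresponding address of another subnet of the same size, keeping the host portion, and is applied either to the source field (source NAT) or the destination field (destination NAT). The subnets and packet addresses are constructed for illustration and are not taken from the SCALANCE configuration.

```python
import ipaddress
from typing import Optional

def netmap(addr: str, src_net: str, dst_net: str) -> Optional[str]:
    """One NETMAP rule: rewrite the subnet portion of addr from src_net to
    dst_net and keep the host portion. Returns None if the rule does not
    match, i.e. addr lies outside src_net."""
    ip = ipaddress.IPv4Address(addr)
    src = ipaddress.IPv4Network(src_net)
    dst = ipaddress.IPv4Network(dst_net)
    # NETMAP is a 1:1 subnet mapping, so both subnets must have the same size.
    if src.prefixlen != dst.prefixlen:
        raise ValueError("NETMAP requires equally sized subnets")
    if ip not in src:
        return None
    host_part = int(ip) & int(src.hostmask)  # host portion is retained
    return str(ipaddress.IPv4Address(int(dst.network_address) | host_part))

def netmap_packet(pkt: dict, src_net: str, dst_net: str, field: str) -> dict:
    """Apply the rule to one header field of a packet: field='src' acts as
    source NAT, field='dst' as destination NAT. Packets that do not match
    the rule pass through unchanged."""
    translated = netmap(pkt[field], src_net, dst_net)
    if translated is None:
        return dict(pkt)
    return {**pkt, field: translated}

def one_to_one_rules(src_net: str, dst_net: str) -> list:
    """The per-host NAT rules a single NETMAP rule stands in for: one
    (original, translated) pair for every address of src_net."""
    src = ipaddress.IPv4Network(src_net)
    return [(str(a), netmap(str(a), src_net, dst_net)) for a in src]

if __name__ == "__main__":
    # Constructed example: the internal cell network 192.168.10.0/24 is
    # presented to the external network as 10.0.5.0/24.
    pkt = {"src": "192.168.10.7", "dst": "10.1.1.50"}
    print(netmap_packet(pkt, "192.168.10.0/24", "10.0.5.0/24", "src"))
    print(len(one_to_one_rules("192.168.10.0/24", "10.0.5.0/24")),
          "individual NAT rules replaced by one NETMAP rule")
```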