NAT (network address translation)
To extend the reach of the IPv4 address space, companies have turned to using private IPv4 addresses through a public-to-private address translation technique known as network address translation (NAT).
NAT works by using the several million private addresses that have been put aside by the Internet Engineering Task Force, turning a public IP address such as 192. 156.136.22 into a private address, such as 10.0.0.4, for delivery to a user's PC. Private IP addresses cannot be "seen" by the Internet, and therefore may be reused by various enterprise networks.
In conjunction with a NAT-enabled gateway or router device, a privately addressed network may hide hundreds or thousands of hosts behind a single public address. The NAT device differentiates among the PCs by translating their port numbers into unique values.
But NAT is limited by applications such as streaming media that transmit IP addresses or port numbers in the payloads of packets. Such applications require that NAT take on application-specific knowledge and perform additional computation.
Worse, because NAT typically resides in a boundary router between private and public networks, it can't function with IP Security (IPSec), the popular encryption technology for virtual private networks. IPSec requires true end-to-end handshaking in order to set up initial encryption rules. Once encrypted at a client system, IPSec packets cannot be modified - or recognized - by NAT.
From Protocol helps stretch IPv4 addresses, Network World Tech Update, 01/17/00.
Also see Realm-Specific Internet Protocol.
Additional resources
How-to articles on NAT
Why require stateful inspection?
Don't disable NAT, because you still get benefits through network address translation. Just don't assume using NAT today closes all your security holes. Network World, 06/10/02.
Comments:
NAT
by soe min htut
very good for Technical support.
Add a comment
