Hi Fred. I don't have the answers, but came across a nice NA(p)T article.
I'll be watching while this also has my interest.

http://www.cisco.com/warp/public/759/ipj_3-4/ipj_3-4_nat.html


Quote:
The Cisco Secure PIX Firewall series supports port address translation (PAT)
with "port-level multiplexing"---a method to further conserve IP addresses.
With PAT, users' inside local addresses are automatically converted to
single outside local addresses using different port numbers to distinguish
between each translation. More than 64,000 inside hosts can be served by a
single outside IP address with PAT.
http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/pie_ds.htm

Somewhere else it states 64.000 TCP-connections at the same time.
Not the theory, but some info after all.

Cheers, Martijn

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Fred Danson
Sent: Thursday, January 25, 2001 15:07
To: [EMAIL PROTECTED]
Subject: Question about Napt


     Hi, I was reading RFC3022 about Napt last night, and I still don't
understand one thing about it. From what I understand, Napt allows
you to use one single globally unique IP address on the WAN interface of
your router, and then a large number of local addresses inside your network
which aren't globally unique.
     Now the router will be able to translate the different traffic streams
coming from the WAN according to the port on the packet. So if host A inside
the network wanted to communicate with Host B which is on a different
outside network, it would directly address the outside site, and the router
would catch the packet en route and change the source IP address to the
router WAN interface IP address and also change the source port to a port of
the router's discretion.
     Normally, from what I understand, ports are used to multiplex streams
of traffic across a link. If Host A was using two applications and wanted to
start a second session with Host B, would the router allow this? The RFC
states "While not a common practice, it is possible to have an application
on a private host establish multiple simultaneous sessions originating from
the same tuple of (private address, private TU port). In such a case, a
single binding for the tuple of (private address, private TU port) may be
used for translation of packets pertaining to all sessions originating from
the same tuple on a host." How exactly would the applications know which
traffic stream was for itself?
    Also, how many local hosts can the router assign to a single IP address
before it has to use a second IP address? Could a company of 100000 use a
single IP address for NAPT? Or would it need to use more than one?


Thanks in advance,

Freddy

_________________________________
FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
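
The binding behaviour asked about in the thread, sketched as an added example that is not part of either e-mail or of the RFC's text: a minimal NAPT table in Python. The class name, the 1024-65535 port pool and the documentation-range addresses are assumptions; binding timeouts and port reuse are left out.

```python
from itertools import count

class Napt:
    """Toy NAPT table: one binding per (proto, private address, private port)."""

    def __init__(self, external_ip, first_port=1024, last_port=65535):
        self.external_ip = external_ip
        self.last_port = last_port          # assumed pool; real devices differ
        self._next = count(first_port)
        self.out = {}    # (proto, private_ip, private_port) -> external port
        self.back = {}   # (proto, external_port) -> (private_ip, private_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet, binding on first use."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = next(self._next)
            if port > self.last_port:
                raise RuntimeError("port pool exhausted on " + self.external_ip)
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return (proto, self.external_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of a reply; None means no binding (drop)."""
        if dst_ip != self.external_ip or (proto, dst_port) not in self.back:
            return None
        priv_ip, priv_port = self.back[(proto, dst_port)]
        return (proto, src_ip, src_port, priv_ip, priv_port)

def demo():
    nat = Napt("203.0.113.1")  # constructed addresses from documentation ranges
    # Two applications on host A use different source ports: two bindings.
    a = nat.outbound("tcp", "10.0.0.5", 3000, "198.51.100.7", 80)
    b = nat.outbound("tcp", "10.0.0.5", 3001, "198.51.100.7", 80)
    # Same (private address, private port) to another peer: binding is shared.
    c = nat.outbound("tcp", "10.0.0.5", 3000, "198.51.100.9", 80)
    # The reply keeps its remote address and port, only the destination changes.
    reply = nat.inbound("tcp", "198.51.100.9", 80, "203.0.113.1", c[2])
    return a, b, c, reply

if __name__ == "__main__":
    for packet in demo():
        print(packet)
```

Sessions that share one (private address, private port) tuple share one external port, and the private host separates them by the remote address and port, which the translation leaves unchanged on inbound packets.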
