Wait a second.. How could you have 64000 different people inside using PAT 
to convert to 1 global IP address? Wouldn't you need 64000 ports on the 
switch?? I thought that you needed 1 physical port (inside) per logical port 
translation. For example, I thought that port 2/1 on the switch would be 
converted to TCP port 1024 on the outside, and port 2/2 on the inside would 
be converted to TCP port 1025 on the outside, etc. Could anyone clarify 
this?

Thanks in advance,

Freddo


>From: "mjans001" <[EMAIL PROTECTED]>
>To: "Fred Danson" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Subject: RE: Question about Napt
>Date: Thu, 25 Jan 2001 15:33:35 +0100
>
>Hi Fred. I don't have the answers, but came across a nice NA(p)T article.
>I'll be watching while this also has my interest.
>
>http://www.cisco.com/warp/public/759/ipj_3-4/ipj_3-4_nat.html
>
>
>Quote:
>The Cisco Secure PIX Firewall series supports port address translation (PAT)
>with "port-level multiplexing"---a method to further conserve IP addresses.
>With PAT, users' inside local addresses are automatically converted to
>single outside local addresses using different port numbers to distinguish
>between each translation. More than 64,000 inside hosts can be served by a
>single outside IP address with PAT.
>http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/pie_ds.htm
>
>Somewhere else it states 64.000 TCP-connections at the same time.
>Not the theory, but some info after all.
>
>Cheers, Martijn
>
>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Fred
>Danson
>Sent: Thursday, 25 January 2001 15:07
>To: [EMAIL PROTECTED]
>Subject: Question about Napt
>
>
>      Hi, I was reading RFC3022 about Napt last night, and I still don't
>understand one thing about it. From what I understand, Napt allows
>you to use one single globally unique IP address on the WAN interface of
>your router, and then a large number of local addresses inside your network
>which aren't globally unique.
>      Now the router will be able to translate the different traffic streams
>coming from the WAN according to the port on the packet. So if host A inside
>the network wanted to communicate with Host B which is on a different
>outside network, it would directly address the outside site, and the router
>would catch the packet en route and change the source IP address to the
>router WAN interface IP address and also change the source port to a port of
>the router's discretion.
>      Normally, from what I understand, ports are used to multiplex streams
>of traffic across a link. If Host A was using two applications and wanted to
>start a second session with Host B, would the router allow this? The RFC
>states "While not a common practice, it is possible to have an application
>on a private host establish multiple simultaneous sessions originating from
>the same tuple of (private address, private TU port). In such a case, a
>single binding for the tuple of (private address, private TU port) may be
>used for translation of packets pertaining to all sessions originating from
>the same tuple on a host." How exactly would the applications know which
>traffic stream was for itself?
>     Also, how many local hosts can the router assign to a single IP address
>before it has to use a second IP address? Could a company of 100000 use a
>single IP address for NAPT? Or would it need to use more than one?
>
>
>Thanks in advance,
>
>Freddy
>_________________________________________________________________
>Get your FREE download of MSN Explorer at http://explorer.msn.com
>
>_________________________________
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
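
The port-level multiplexing discussed in this thread, as an added Python sketch that is not part of the original messages or of any router's code: bindings are keyed on the private (address, TCP/UDP port) tuple described in RFC 3022, never on a physical interface. The addresses, the 1024 starting port and the class names are assumptions for illustration; timeouts and per-protocol tables are left out.

```python
# Added illustration of an RFC 3022 style NAPT binding table (not router code).
# All addresses are constructed samples; first_port=1024 is an assumption.
class PortsExhausted(Exception):
    pass

class Napt:
    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self.free = iter(range(first_port, last_port + 1))
        self.out = {}   # (private_ip, private_port) -> public_port
        self.back = {}  # public_port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet; one binding per private tuple."""
        key = (src_ip, src_port)
        if key not in self.out:
            port = next(self.free, None)
            if port is None:
                raise PortsExhausted("no free port on " + self.public_ip)
            self.out[key] = port
            self.back[port] = key
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Rewrite the destination of a reply; a port with no binding is dropped."""
        key = self.back.get(dst_port)
        if key is None:
            return None
        return (src_ip, src_port, key[0], key[1])

def demo():
    nat = Napt("203.0.113.1")
    a1 = nat.outbound("10.0.0.5", 3000, "198.51.100.9", 80)  # host A, application 1
    a2 = nat.outbound("10.0.0.5", 3001, "198.51.100.9", 80)  # host A, application 2
    b1 = nat.outbound("10.0.0.6", 3000, "198.51.100.9", 80)  # host B, same local port
    # A second session from the same private tuple reuses the existing binding.
    same = nat.outbound("10.0.0.5", 3000, "198.51.100.77", 443)
    # The reply to application 2 is steered back by the translated port alone.
    reply = nat.inbound("198.51.100.9", 80, a2[1])
    return a1, a2, b1, same, reply

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The table fills when the translated port range is used up, so the ceiling applies to simultaneous bindings on one public address rather than to the number of inside hosts or switch ports.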
