Freddo,

You're confusing physical ports on a switch with logical TCP/UDP 
ports in an IP packet.  One has nothing to do with another.  A 
single physical port can support any number of IP packets with any 
number of TCP/UDP port numbers from any number of IP 
addresses.  

A physical port on a layer 2 Ethernet switch usually has no 
knowledge whatsoever of the upper layer addresses and ports 
passing through it.  Bottom line, there's no correlation between 
physical ports on a switch and logical upper layer ports.

HTH,
Kent

On 25 Jan 2001, at 9:41, Fred Danson wrote:

> Wait a second.. How could you have 64000 different people inside using PAT 
> to convert to 1 global IP address? Wouldn't you need 64000 ports on the 
> switch?? I thought that you needed 1 physical port (inside) per logical port 
> translation. For example, I thought that port 2/1 on the switch would be 
> converted to TCP port 1024 on the outside, and port 2/2 on the inside would 
> be converted to TCP port 1025 on the outside, etc. Could anyone clarify 
> this?
> 
> Thanks in advance,
> 
> Freddo
> 
> 
> >From: "mjans001" <[EMAIL PROTECTED]>
> >To: "Fred Danson" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> >Subject: RE: Question about Napt
> >Date: Thu, 25 Jan 2001 15:33:35 +0100
> >
> >Hi Fred. I don't have the answers, but came across a nice NA(p)T article.
> >I'll be watching while this also has my interest.
> >
> >http://www.cisco.com/warp/public/759/ipj_3-4/ipj_3-4_nat.html
> >
> >
> >Quote:
> >The Cisco Secure PIX Firewall series supports port address translation (PAT)
> >with "port-level multiplexing"---a method to further conserve IP addresses.
> >With PAT, users' inside local addresses are automatically converted to
> >single outside local addresses using different port numbers to distinguish
> >between each translation. More than 64,000 inside hosts can be served by a
> >single outside IP address with PAT.
> >http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/pie_ds.htm
> >
> >Somewhere else it states 64.000 TCP-connections at the same time.
> >Not the theory, but some info after all.
> >
> >Cheers, Martijn
> >
> >-----Original Message-----
> >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Fred Danson
> >Sent: Thursday, 25 January 2001 15:07
> >To: [EMAIL PROTECTED]
> >Subject: Question about Napt
> >
> >
> >      Hi, I was reading RFC3022 about Napt last night, and I still don't
> >understand one thing about it. From what I understand, Napt allows
> >you to use one single globally unique IP address on the WAN interface of
> >your router, and then a large number of local addresses inside your network
> >which aren't globally unique.
> >      Now the router will be able to translate the different traffic streams
> >coming from the WAN according to the port on the packet. So if host A inside
> >the network wanted to communicate with Host B which is on a different
> >outside network, it would directly address the outside site, and the router
> >would catch the packet en route and change the source IP address to the
> >router WAN interface IP address and also change the source port to a port of
> >the router's discretion.
> >      Normally, from what I understand, ports are used to multiplex streams
> >of traffic across a link. If Host A was using two applications and wanted to
> >start a second session with Host B, would the router allow this? The RFC
> >states "While not a common practice, it is possible to have an application
> >on a private host establish multiple simultaneous sessions originating from
> >the same tuple of (private address, private TU port). In such a case, a
> >single binding for the tuple of (private address, private TU port) may be
> >used for translation of packets pertaining to all sessions originating from
> >the same tuple on a host." How exactly would the applications know which
> >traffic stream was for itself?
> >     Also, how many local hosts can the router assign to a single IP address
> >before it has to use a second IP address? Could a company of 100000 use a
> >single IP address for NAPT? Or would it need to use more than one?
> >
> >
> >Thanks in advance,
> >
> >Freddy
> >
> >_________________________________
> >FAQ, list archives, and subscription info:
> >http://www.groupstudy.com/list/cisco.html
> >Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
> 

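Added example (not part of the original thread and not Cisco or RFC code): a toy NAPT binding table in Python, showing that translations are keyed on the (private address, private port) tuple rather than on any switch port, and that the pool of global ports is what bounds how many bindings one global address can carry. The class name, port range and addresses are assumptions chosen for illustration.

```python
# Toy NAPT binding table for illustration only.
# Addresses come from private/documentation ranges and are constructed samples.
from itertools import count

class Napt:
    def __init__(self, global_ip, first_port=1024, last_port=65535):
        self.global_ip = global_ip
        self.last_port = last_port
        self._next = count(first_port)
        self.out = {}   # (private_ip, private_port) -> global_port
        self.back = {}  # global_port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the inside network."""
        key = (src_ip, src_port)
        if key not in self.out:
            port = next(self._next)
            if port > self.last_port:
                raise RuntimeError("port pool exhausted; another global IP is needed")
            self.out[key] = port
            self.back[port] = key
        # The destination is never touched, so one binding serves every
        # session that originates from the same private tuple.
        return (self.global_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of a reply; None means no binding, so drop."""
        if dst_ip != self.global_ip or dst_port not in self.back:
            return None
        priv_ip, priv_port = self.back[dst_port]
        return (src_ip, src_port, priv_ip, priv_port)

def demo():
    nat = Napt("203.0.113.1")
    # Two inside hosts pick the same source port; each gets its own global port.
    a = nat.outbound("10.0.0.5", 3000, "198.51.100.7", 80)
    b = nat.outbound("10.0.0.6", 3000, "198.51.100.7", 80)
    # Second session from the same private tuple reuses the existing binding.
    a2 = nat.outbound("10.0.0.5", 3000, "198.51.100.9", 80)
    reply = nat.inbound("198.51.100.7", 80, "203.0.113.1", b[1])
    stray = nat.inbound("198.51.100.7", 80, "203.0.113.1", 40000)
    return a, b, a2, reply, stray
```

The inside host tells its own sessions apart by the remote address and port, which the translation leaves unchanged.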
