Re: Static NAT in ISA server

From: Phillip Windell (_at_.)
Date: 03/10/04


Date: Wed, 10 Mar 2004 09:25:59 -0600

Every firewall manufacturer out there seems to use different terminology for
everything. "Firewall lingo" has become more "slang" than any official
terminology.

Here's the best I can define them (I'm sure some will argue with me). These
may vary slightly depending on which vendor's documentation you read.

NAT - In practice it is usually really "NAT Overload" or NAT with Port
Address Translation. In *normal* NAT there is a one-to-one relationship
between the internal user and one external IP# from a list of external IP#s.
If you only have 5 external IP#s then only 5 internal users can use the
connection at once. Obviously this is not the variation of NAT normally used
since most people only have one external IP#.

NAT Overload (NAT with PAT) - This one maps an internal user with the
single external IP# while using the user's random "Client Port" (aka Source
Port) to distinguish one user from another. This is the most common one used
and is typically what most firewalls are using even though they may only
refer to it as simply "NAT". Many users can use the same external IP# as
long as the Source Port is different.

One-to-One NAT - This one permanently maps an internal machine with a
single external IP. The port number doesn't matter. Anything coming to the
chosen external IP# is always sent to the internal machine.

Reverse-NAT - This is sometimes called "Static-NAT" depending on vendor.
This is similar to the above One-to-One except that it focuses on the port
#. Anything coming to the external IP# on the chosen port# is passed to
the internal machine on the same IP#. If this is combined with PAT (Port
Address Translation) then the internal port# may be different than the
external port #.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
"Jack Jones" <jj@u.net> wrote in message
news:OPToL3dBEHA.392@TK2MSFTNGP12.phx.gbl...
> When you say static NAT'ing do you mean one-to-one NAT'ing?
> I'm not familiar with that term.
>
> "Bappaditya" <bappa_ditya@hotmail.com> wrote in message
> news:71997946-340C-452B-9DC4-788011D82370@microsoft.com...
> > I would like to know how will I do static Nating in ISA 2000 Server is it
> > possible ??
> >
> > If it is possible then how to do that..
> >
> >
> > Thanks in Advance
> > Regards
> > Bappaditya
>
>
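
The four mappings described in the post above, modelled as a toy translation table. This is an added example, not part of the original thread and not how ISA Server implements anything; the addresses, class and method names are constructed, and the port-clash rule and the inbound lookup that ignores the remote endpoint are simplifying assumptions.

```python
# Constructed model: documentation (203.0.113.x) and private (192.168.0.x) addresses.
class Nat:
    def __init__(self, external_ips):
        self.external_ips = list(external_ips)
        self.leases = {}      # plain NAT: internal IP -> whole external IP
        self.pat = {}         # overload: (ext IP, ext port) -> (int IP, int port)
        self.one_to_one = {}  # one-to-one: ext IP -> int IP, any port
        self.port_fwd = {}    # reverse/static: (ext IP, ext port) -> (int IP, int port)

    def outbound_plain(self, src_ip):
        """Plain NAT: each active internal host needs its own external IP."""
        if src_ip not in self.leases:
            free = [ip for ip in self.external_ips if ip not in self.leases.values()]
            if not free:
                return None  # pool exhausted, connection cannot be translated
            self.leases[src_ip] = free[0]
        return self.leases[src_ip]

    def outbound_overload(self, src_ip, src_port):
        """NAT overload: share one external IP, tell hosts apart by source port."""
        ext_ip, port = self.external_ips[0], src_port
        # Assumption: on a port clash, take the next free port.
        while (ext_ip, port) in self.pat or (ext_ip, port) in self.port_fwd:
            port += 1
        self.pat[(ext_ip, port)] = (src_ip, src_port)
        return ext_ip, port

    def inbound(self, dst_ip, dst_port):
        """Return the internal (IP, port) an unsolicited packet reaches, or None."""
        if dst_ip in self.one_to_one:            # every port is exposed
            return self.one_to_one[dst_ip], dst_port
        if (dst_ip, dst_port) in self.port_fwd:  # only the published port
            return self.port_fwd[(dst_ip, dst_port)]
        return self.pat.get((dst_ip, dst_port))  # only replies to open sessions


def demo():
    nat = Nat(["203.0.113.1"])
    nat.one_to_one["203.0.113.2"] = "192.168.0.30"
    nat.port_fwd[("203.0.113.1", 80)] = ("192.168.0.20", 8080)
    return {
        "plain_first": nat.outbound_plain("192.168.0.10"),
        "plain_second": nat.outbound_plain("192.168.0.11"),
        "pat_a": nat.outbound_overload("192.168.0.10", 40000),
        "pat_b": nat.outbound_overload("192.168.0.11", 40000),
        "in_published": nat.inbound("203.0.113.1", 80),
        "in_one_to_one": nat.inbound("203.0.113.2", 3389),
        "in_closed": nat.inbound("203.0.113.1", 443),
    }
```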

