Cisco Support Community

New Member

NAT/PAT

Suppose there is an architecture like this: a firewall (connected to the internet) and a web/app server in the DMZ.

Any outgoing request (initialized from an inside LAN computer) will be processed by the firewall('s internal table):

from: 192.168.32.10 port 400

firewall outside: 215.37.32.203 port 1

which will be used to convert back to the 192.168.32.10 port 400 once the response comes back from the outside;

Now, if a request is initialized from an outside remote user's computer such as 123.44.55.6. It requests the web server (in the DMZ) via http to gain access to the web site. Does the firewall create a table similar to the above-mentioned, to record/convert back and forth the IP address and port, too?

(I mean, is the (firewall) conversion table used for outbound only, or for inbound, too?)

Thanks for the help.

Scott

1 REPLY
New Member

Re: NAT/PAT

NAT is a 1:1 translation. So, if you set up a NAT, then yes, the "conversion" is bidirectional.

PAT is a Many:1 translation. So Cisco can't tell where an inbound connection needs to go unless there's a table entry already set up for that connection (either via an outbound connection starting the connection, or via a static mapping of a specific outbound port to a specific inbound server/port).

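The PAT behaviour described in the reply, as an added example that is not part of the original thread and not Cisco's implementation: a simplified Python model of a translation table with dynamic entries created by outbound flows and static mappings defined in advance. The class and method names are hypothetical, and the remote server 198.51.100.7, the remote source port 51000 and the DMZ server 10.0.0.80 are constructed values.

```python
# Simplified model of a PAT (many-to-one) translation table; not Cisco's code.
OUTSIDE_IP = "215.37.32.203"   # firewall outside address from the question


class PatTable:
    def __init__(self, outside_ip, first_port=1):
        self.outside_ip = outside_ip
        self.next_port = first_port
        self.dynamic = {}   # outside_port -> (inside_ip, inside_port, remote_ip, remote_port)
        self.by_flow = {}   # same tuple -> outside_port, so a flow reuses its entry
        self.static = {}    # outside_port -> (server_ip, server_port)

    def add_static(self, outside_port, server_ip, server_port):
        """Administrator-defined mapping, present before any traffic arrives."""
        self.static[outside_port] = (server_ip, server_port)

    def outbound(self, inside_ip, inside_port, remote_ip, remote_port):
        """Inside host starts a connection: create (or reuse) a dynamic entry."""
        flow = (inside_ip, inside_port, remote_ip, remote_port)
        if flow not in self.by_flow:
            while self.next_port in self.static or self.next_port in self.dynamic:
                self.next_port += 1
            self.by_flow[flow] = self.next_port
            self.dynamic[self.next_port] = flow
        return self.outside_ip, self.by_flow[flow]

    def inbound(self, remote_ip, remote_port, outside_port):
        """Packet arriving on the outside address: real destination, or None (drop)."""
        entry = self.dynamic.get(outside_port)
        if entry and entry[2:] == (remote_ip, remote_port):
            return entry[:2]                      # reply to an existing outbound flow
        return self.static.get(outside_port)      # otherwise only a static mapping matches


def demo():
    pat = PatTable(OUTSIDE_IP)
    results = {}
    # Outbound request from the LAN host in the question, then the server's reply.
    results["out"] = pat.outbound("192.168.32.10", 400, "198.51.100.7", 80)
    results["reply"] = pat.inbound("198.51.100.7", 80, results["out"][1])
    # Remote user from the question connects to port 80 with no entry present.
    results["unsolicited"] = pat.inbound("123.44.55.6", 51000, 80)
    # Static mapping to a DMZ web server (constructed address), then the same request.
    pat.add_static(80, "10.0.0.80", 80)
    results["static"] = pat.inbound("123.44.55.6", 51000, 80)
    return results


if __name__ == "__main__":
    print(demo())
```

The dynamic entry only matches the remote endpoint that the inside host contacted, so a different outside host sending to the same translated port is dropped unless a static mapping covers that port.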