Network Address Port Translation (NAPT)
NAPT extends the concept of translation one step further by also
translating transport identifiers—TCP and UDP port numbers—and ICMP query
identifiers. This allows the transport identifiers of a number of private
hosts to be multiplexed into the transport identifiers of a single global IP
address. NAPT allows numerous hosts from the inside network to share a
single outside network IP address. The advantage of this type of translation
is that only one global IP address is needed for every 6,400 simultaneous
sessions, whereas with NAT, each inside host must translate to a unique
outside IP address.
TIP
Both NAT and NAPT can be combined; the advantage is that when NAT
exhausts the pool of global IP addresses, NAPT can then be used until
one of the NAT translations is timed out. This method ensures that all
inside hosts can be translated successfully into outside global IP
addresses.
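An added example, not from the book: a toy Python model of the combined scheme in the TIP above, where inside hosts take one-to-one NAT addresses until the pool is empty and later hosts share a single address through NAPT. The class name, the addresses (RFC 5737 and RFC 1918 ranges) and the three-port range are constructed for illustration, and the model keeps one port pool for both TCP and UDP to stay short.

```python
class Translator:
    """Toy model: basic NAT from a pool, NAPT on one shared address once the pool is empty."""

    def __init__(self, nat_pool, napt_ip, ports):
        self.free_ips = list(nat_pool)   # unassigned one-to-one global addresses
        self.nat = {}                    # inside IP -> dedicated global IP
        self.napt_ip = napt_ip           # the single shared global address
        self.free_ports = list(ports)    # global ports still free on napt_ip
        self.napt_out = {}               # (proto, inside IP, inside port) -> global port
        self.napt_in = {}                # (proto, global port) -> (inside IP, inside port)

    def outbound(self, proto, in_ip, in_port):
        """Return the (global IP, global port) an inside packet leaves with."""
        if in_ip not in self.nat and self.free_ips:
            self.nat[in_ip] = self.free_ips.pop(0)
        if in_ip in self.nat:
            return self.nat[in_ip], in_port           # NAT: address rewritten, port kept
        key = (proto, in_ip, in_port)
        if key not in self.napt_out:
            if not self.free_ports:
                raise RuntimeError("NAPT port range exhausted")
            port = self.free_ports.pop(0)
            self.napt_out[key] = port
            self.napt_in[(proto, port)] = (in_ip, in_port)
        return self.napt_ip, self.napt_out[key]       # NAPT: address and port rewritten

    def inbound(self, proto, g_ip, g_port):
        """Return the inside (IP, port) for a packet from outside, or None to drop it."""
        for in_ip, ip in self.nat.items():
            if ip == g_ip:
                return in_ip, g_port                  # in this model NAT maps every port
        if g_ip == self.napt_ip:
            return self.napt_in.get((proto, g_port))  # NAPT needs matching session state
        return None

    def expire_nat(self, in_ip):
        """Time out a NAT translation so its global address returns to the pool."""
        self.free_ips.append(self.nat.pop(in_ip))


def demo():
    # Constructed sample: two pool addresses, one shared address, three NAPT ports.
    t = Translator(["192.0.2.2", "192.0.2.3"], "192.0.2.4", range(1024, 1027))
    a = t.outbound("tcp", "10.0.0.1", 5000)   # NAT
    b = t.outbound("tcp", "10.0.0.2", 5000)   # NAT, pool is now empty
    c = t.outbound("tcp", "10.0.0.3", 5000)   # NAPT on the shared address
    d = t.outbound("udp", "10.0.0.4", 5000)   # NAPT, same address, next port
    return t, (a, b, c, d)
```

In this model an inbound packet to the shared address is delivered only when a session entry exists for that exact protocol and port, while a host holding a one-to-one NAT address is reachable on any port for as long as its translation lives.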
Figure 3.4 illustrates NAPT. Host A on the inside network needs to
communicate with Host Z on the outside network. Because these two hosts
are on different networks and the inside network uses IP addresses from a
private address space, NAT/NAPT is needed to allow the two hosts to
communicate. Unfortunately, the administrator has only a limited number of
global IP addresses, many of which have already been assigned to various
devices. Therefore NAT cannot be used for translations.
As an alternative, NAPT can be used instead. To perform NAPT:
You are viewing 207. - Syngress Managing Cisco Network Security