NAT No-PAT
NAT No-PAT translates only IP addresses and maps one private address only to a single public address. This mode applies to scenarios where each private network user usually can have a public IP address in the address pool. Figure 1 shows its mechanism.
Figure 1 Mechanism of NAT No-PAT
Figure 1 shows the NAT No-PAT process on the FW when the host accesses the web server.
1. After the host sends a packet to the FW, the FW finds that the packet needs to travel from the Trust zone to the Untrust zone and that the packet matches a security policy. The FW also finds that the packet matches a specific NAT policy, so NAT address translation must be performed.
2. The FW replaces the source IP address of the packet with a public IP address picked from the NAT address pool, and then forwards the packet to the WAN interface. At the same time, the FW adds an entry to the server-map and session tables.
3. The web server sends a response packet destined for the host. The FW receives the response and searches the session table for the entry created in step 2. Then the FW translates the destination address in the packet into the host IP address based on the entry and forwards the packet to the host over the intranet.
In this manner, one-to-one translation is implemented between the private and public IP addresses. If all addresses in the address pool are allocated, NAT cannot be performed for the remaining intranet hosts until the address pool has available addresses again.
The FW generates a server-map table that stores the mappings between host private IP addresses and public IP addresses.
- Forward server-map entries allow for fast address translation when a private network user accesses the Internet, improving the processing efficiency of the FW.
- Return server-map entries allow for address translation when an Internet user proactively accesses a private network user.
NAT No-PAT falls into two types:
Local No-PAT
The server-map table generated by local No-PAT contains security zone parameters. Only servers in this security zone can access the intranet host.
Global No-PAT
The server-map table generated by global No-PAT does not contain security zone parameters. Servers in all security zones can access the intranet host.
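The following Python model is an added example, not vendor code, that simulates the No-PAT process above (one private IP mapped to one public IP, ports untouched, session and server-map tables, pool exhaustion) and the local versus global distinction (a return server-map entry that either carries a zone or not). The pool addresses, zone names and packets are constructed for illustration; the `NoPatFirewall` class, its `outbound`, `inbound` and `release` methods and the `mode` parameter are assumptions of this example.

```python
"""Simulation of NAT No-PAT: one private IP <-> one public IP from a pool.
Only IP addresses are translated; ports are left as they are.
Added example, not vendor code; all addresses and zones are constructed."""

from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    zone: str  # security zone the packet arrives from (constructed label)


class NoPatFirewall:
    """Minimal No-PAT model with session table and forward/return server-map."""

    def __init__(self, pool: List[str], mode: str = "global") -> None:
        if mode not in ("local", "global"):
            raise ValueError("mode must be 'local' or 'global'")
        self.free_pool = list(pool)  # public addresses not yet allocated
        self.mode = mode
        # Forward server-map: private IP -> (public IP, zone). Lets the same
        # host reuse its public IP without a new pool lookup.
        self.forward_map: Dict[str, Tuple[str, str]] = {}
        # Return server-map: public IP -> (private IP, zone). Used when a user
        # on the Internet side initiates a connection to the intranet host.
        self.return_map: Dict[str, Tuple[str, str]] = {}
        # Session table: (public IP, remote IP, src port, dst port) -> private IP
        self.sessions: Dict[Tuple[str, str, int, int], str] = {}

    def outbound(self, pkt: Packet, dst_zone: str) -> Optional[Packet]:
        """Trust -> Untrust (steps 1 and 2). Replace only the source IP.
        Returns None when the pool is exhausted: No-PAT cannot share an address."""
        entry = self.forward_map.get(pkt.src_ip)
        if entry is None:
            if not self.free_pool:
                return None  # host must wait until an address is freed
            public_ip = self.free_pool.pop(0)
            entry = (public_ip, dst_zone)
            self.forward_map[pkt.src_ip] = entry
            self.return_map[public_ip] = (pkt.src_ip, dst_zone)
        public_ip, _ = entry
        self.sessions[(public_ip, pkt.dst_ip, pkt.src_port, pkt.dst_port)] = pkt.src_ip
        return Packet(public_ip, pkt.dst_ip, pkt.src_port, pkt.dst_port, dst_zone)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Untrust -> Trust. A reply to an existing session is translated from
        the session table (step 3); anything else must match a return
        server-map entry, and under local No-PAT only from the recorded zone."""
        key = (pkt.dst_ip, pkt.src_ip, pkt.dst_port, pkt.src_port)
        private_ip = self.sessions.get(key)
        if private_ip is None:
            mapping = self.return_map.get(pkt.dst_ip)
            if mapping is None:
                return None  # no mapping for this public address: drop
            private_ip, zone = mapping
            if self.mode == "local" and pkt.zone != zone:
                return None  # entry is bound to one security zone
        return Packet(pkt.src_ip, private_ip, pkt.src_port, pkt.dst_port, "trust")

    def release(self, private_ip: str) -> None:
        """Tear down a host's mappings and return its public IP to the pool."""
        entry = self.forward_map.pop(private_ip, None)
        if entry is None:
            return
        public_ip, _ = entry
        self.return_map.pop(public_ip, None)
        self.sessions = {k: v for k, v in self.sessions.items() if v != private_ip}
        self.free_pool.append(public_ip)


if __name__ == "__main__":
    fw = NoPatFirewall(["203.0.113.10", "203.0.113.11"], mode="local")
    out = fw.outbound(Packet("10.1.1.10", "198.51.100.5", 51000, 80, "trust"), "untrust")
    print("translated:", out)
    reply = fw.inbound(Packet("198.51.100.5", "203.0.113.10", 80, 51000, "untrust"))
    print("reply delivered to:", reply.dst_ip if reply else None)
    print("from other zone:", fw.inbound(Packet("192.0.2.7", "203.0.113.10", 4000, 22, "dmz")))
```

Run with `mode="global"` to see the same unsolicited packet from the `dmz` zone reach the intranet host; with `mode="local"` it is dropped because the return server-map entry is bound to the `untrust` zone.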