SCTP NAT
SCTP NAT enables the firewall to translate the private IP addresses of sent and received SCTP packets to public IP addresses.
Application Scenario
In a typical scenario,
the FW acts as an egress
gateway for the roaming service and translates the IP addresses of
the SCTP packets originated from or destined for the signaling transfer
point (STP) on a private network. The SS7 signaling interworking roaming
service is used as an example.
Figure 1 SCTP NAT on a carrier network
Roaming service packets of a carrier are transmitted using SCTP. If the STP of the carrier is deployed on a private network, SCTP NAT is required on the egress firewall of the carrier to translate the IP addresses of the SCTP packets originated from and destined for the STP.
Implementation Mechanism
The INIT and INIT-ACK packets carry the source and destination address lists. The firewall has to translate not only the source and destination IP addresses in packet headers but also the addresses in the source and destination address lists.
Figure 2 SCTP NAT implementation
- All IP addresses in the address list share the same port number.
- SCTP packets support only NAT Server.
- NAT ALG is unavailable for the service packets transmitted using SCTP.