Application Level Gateway
NAT and NAPT translate only the address in the IP packet header and the port number in the TCP/UDP header. Some protocols, such as FTP, also carry IP address and port information in the packet payload, which NAT cannot translate, and this can cause errors. For example, an FTP server with an internal IP address sends that address to an extranet host over the control channel while establishing the session with the host. Because the address is in the data part of the IP packet, NAT does not translate it. When the extranet host receives this private address and tries to use it, the FTP server is unreachable, so the data channel cannot be established for data communication.

Adding an Application Level Gateway (ALG) to NAT solves this problem. An ALG is a translation proxy for specific application protocols. It interacts with NAT to modify the specific data encapsulated in the IP packet based on the NAT state information, and performs the other processing needed for the application protocols to function across different address ranges.

The Eudemon provides a perfect NAT ALG mechanism with good scalability, which can support various special application protocols without modifying the NAT platform. At present, the Eudemon 8080E/8160E implements the following ALG functions of frequently used application protocols:
Please share how we can configure it in the firewall.
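
The payload rewrite described above for the FTP case, sketched as an added example (not part of the original post and not Huawei's implementation). The NAT table, the addresses, the `alg_rewrite_227` function and its source-address check are assumptions made for illustration.

```python
import re

# Constructed NAT state: internal server address -> public address (documentation ranges).
NAT_MAP = {"192.168.1.10": "203.0.113.5"}

# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" as sent on the FTP control channel.
PASV_RE = re.compile(rb"^(227 [^(\r\n]*\()(\d{1,3}(?:,\d{1,3}){5})(\).*)$", re.S)


def alg_rewrite_227(src_ip, payload, nat_map=NAT_MAP, pinholes=None):
    """Return (payload, length_delta) after rewriting the address in a 227 reply.

    src_ip is the pre-NAT source address of the packet carrying the payload.
    pinholes, if given, collects (public_ip, port) data connections to allow.
    """
    m = PASV_RE.match(payload)
    if not m:
        return payload, 0                      # not a 227 reply: pass through
    nums = [int(n) for n in m.group(2).split(b",")]
    if max(nums) > 255:
        return payload, 0                      # malformed address/port octets
    inner_ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    # Only translate an address that belongs to the sender and has NAT state.
    if inner_ip != src_ip or inner_ip not in nat_map:
        return payload, 0
    public_ip = nat_map[inner_ip]
    fields = public_ip.split(".") + [str(port >> 8), str(port & 0xFF)]
    rewritten = m.group(1) + ",".join(fields).encode() + m.group(3)
    if pinholes is not None:
        pinholes.append((public_ip, port))     # expected inbound data connection
    # A non-zero delta means later TCP sequence/ack numbers must be adjusted.
    return rewritten, len(rewritten) - len(payload)


if __name__ == "__main__":
    reply = b"227 Entering Passive Mode (192,168,1,10,195,80).\r\n"  # constructed
    print(alg_rewrite_227("192.168.1.10", reply))
```

The length change returned alongside the payload is why an ALG has to track the TCP stream rather than just edit bytes: a shorter or longer reply shifts every later sequence number on the control connection.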
