Destination NAT on the USG9000 series


Destination NAT applies to the scenario in which mobile phone users need to change the destination gateway address.

Other related questions:
NAT on the USG9000 series
NAT is a type of address translation technology that converts the address in an IPv4 packet header into another address. Generally, the NAT technology is used to convert private addresses in IPv4 packet headers into public addresses so that users on the private network can access the Internet concurrently by using a few public addresses. The NAT technology is usually used to address the issue of public IPv4 address shortage caused by the constant increase in the Internet scale.

NAT classification on the USG9000 series
There are three types of NAT: source NAT, server mapping, and destination NAT.

Source NAT on the USG9000 series
Source NAT involves converting the source address in packets. Source NAT is implemented in different ways in different scenarios.

Meaning of the destination NAT on the USG2000 and USG5000
The destination NAT is mainly used to modify the destination gateway address when a mobile device user accesses the Internet.

Differences between the source NAT and the destination NAT on USG firewalls
The differences between source NAT and destination NAT are as follows:

Source IP address-based NAT
Source IP address-based NAT means that the system translates the source address in an IP packet used to initiate a connection. Source NAT enables intranet users to access external networks. By translating the private IP addresses of internal hosts to public IP addresses, multiple hosts in a LAN can access external resources with a few valid public IP addresses. In this way, the internal host IP addresses are effectively hidden, thereby improving security. Generally, because the security level of the intranet is higher than that of the extranet, source NAT is also known as NAT Outbound.

NAT No-PAT
NAT No-PAT means NAT without PAT. After No-PAT parameters are configured, the system maps all ports before and after translation. The advantage of this application is that intranet port numbers are not translated, while the disadvantage is that public IP addresses cannot be used by intranet hosts.

NAPT
NAPT is a technique in which port numbers and private IP addresses are mapped from multiple internal hosts to one public IP address. This application enables multiple intranet users to share the same public IP address. In NAPT mode, the IP address of the interface that connects the device to the external network can be borrowed as the translated IP address. This application is also known as easy-IP.

Destination IP address-based NAT
Destination IP address-based NAT means that the system translates the destination address in an IP packet. Generally, this application can hide the real IP address of a network device that provides services to external networks, so that clients access the network device using a public IP address.

NAT Server
NAT Server is the most commonly used NAT based on the destination address. When a server is deployed on the intranet, its IP address is a private IP address. However, public network users can access the server only with a public IP address. In this scenario, you can configure NAT Server, so that the system automatically forwards packets for accessing the public IP address to the intranet server.

Destination NAT
When a mobile terminal accesses the wireless network and the default WAP gateway address is inconsistent with the WAP gateway address specified by the local service provider, you can deploy a firewall between the terminal and the WAP gateway and configure the destination NAT function, so that the firewall automatically forwards packets destined for the incorrect WAP gateway address to the correct WAP gateway address.
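
The following Python sketch is an added illustration, not Huawei code or USG configuration. It models the translations described above: No-PAT versus NAPT for source NAT, and NAT Server and destination NAT as destination rewrites. The class and function names, the NAPT starting port and all addresses are constructed for the example.

```python
# Toy model of the NAT modes described above (illustration only).
class SourceNat:
    """Rewrites (src_ip, src_port) of outbound packets and tracks sessions."""
    def __init__(self, pool, pat):
        self.free = list(pool)      # public addresses not yet allocated
        self.pat = pat              # True = NAPT, False = No-PAT
        self.shared = self.free[0]  # NAPT: all hosts share this address
        self.next_port = 2048       # assumed start of the NAPT port range
        self.host_map = {}          # No-PAT: private IP -> public IP
        self.sessions = {}          # (priv_ip, priv_port) -> (pub_ip, pub_port)

    def outbound(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key in self.sessions:
            return self.sessions[key]
        if self.pat:                # NAPT: new public port per session
            mapped = (self.shared, self.next_port)
            self.next_port += 1
        else:                       # No-PAT: one public IP per host, port kept
            if src_ip not in self.host_map:
                if not self.free:
                    raise RuntimeError("No-PAT address pool exhausted")
                self.host_map[src_ip] = self.free.pop(0)
            mapped = (self.host_map[src_ip], src_port)
        self.sessions[key] = mapped
        return mapped

    def inbound(self, dst_ip, dst_port):
        """Reverse-translate a reply; None means no session exists (drop)."""
        for private, public in self.sessions.items():
            if public == (dst_ip, dst_port):
                return private
        return None

# Constructed rules; a port of None matches or keeps any port.
RULES = {
    ("203.0.113.10", 80): ("192.168.1.10", 8080),  # NAT Server: public -> intranet
    ("10.0.0.1", None): ("10.0.0.2", None),        # wrong WAP gateway -> correct one
}

def destination_nat(rules, dst_ip, dst_port):
    """Rewrite the destination if a rule matches; otherwise pass it unchanged."""
    for key in ((dst_ip, dst_port), (dst_ip, None)):
        if key in rules:
            new_ip, new_port = rules[key]
            return (new_ip, dst_port if new_port is None else new_port)
    return (dst_ip, dst_port)
```

In this model an inbound packet that matches no session is not translated, which is how source NAT keeps internal host addresses unreachable from outside unless a NAT Server rule exposes them.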
