3.3.3  NAT (Network Address Translation)

NAT, or Network Address Translation, allows devices on private networks to communicate with outside networks by “translating” between the network address conventions used by each. This enables you to hide your internal network from the Internet.

Typically, NAT is used by an organization connecting its internal network, which uses a private IP address range, to the Internet. Recall that there is a private IP address range for each class of TCP/IP network. Since these private IP address ranges cannot be used directly on the Internet, NAT was developed to act as a go-between, mapping internal host, port and connection information to external connections.

NAT

Network Address Translation (NAT) maps private network addresses to public network addresses, allowing devices on private networks to communicate with outside networks.


NAT is most commonly used in TCP/IP networks, and its operation is specified in RFC 1631 [331]. It works at OSI layer 3 (the same layer as routers).

When constructing packets to be sent out on the Internet, NAT should be applied to the packet before the IPSec encapsulation is performed. The reason for this is that IPSec relies on IP address information in each packet not changing between the time the IPSec encapsulation is applied, and the time the packet is received at the destination IPSec-enabled device. If NAT were applied after IPSec, it would change addresses in data headers and control packets, confusing IPSec.

NAT can also be used for tunnel mode IPSec, with the ESP protocol (which does not guard against the address changes that NAT devices make in the IP datagram header). For more information on combining NAT with IPSec, see this Cisco article [332].

NAT with IPSec

To use NAT with IPSec, NAT should be applied to the packet before the IPSec encapsulation is performed.
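
The ordering rule above can be checked with a small model. This is an added example, not part of the original guide: it uses HMAC-SHA256 as a stand-in for an IPSec integrity check, and compares a check that covers the IP addresses (as AH does) with an ESP-style check that does not. The key, the addresses and all function names are constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, replace

KEY = b"constructed-demo-key"  # constructed sample key shared by both IPSec peers


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes
    icv: bytes = b""  # integrity check value attached by the sender


def compute_icv(pkt, cover_addresses):
    """HMAC over the payload, plus src/dst addresses when cover_addresses is True."""
    addrs = b""
    if cover_addresses:  # AH-style: the IP addresses are part of the protected data
        addrs = ipaddress.ip_address(pkt.src).packed + ipaddress.ip_address(pkt.dst).packed
    return hmac.new(KEY, addrs + pkt.payload, hashlib.sha256).digest()


def protect(pkt, cover_addresses):
    """Sender side: attach the integrity check value."""
    return replace(pkt, icv=compute_icv(pkt, cover_addresses))


def verify(pkt, cover_addresses):
    """Receiver side: recompute the value from the packet as it arrived."""
    return hmac.compare_digest(pkt.icv, compute_icv(pkt, cover_addresses))


def nat(pkt, public_src):
    """Source NAT: rewrite the private source address and nothing else."""
    return replace(pkt, src=public_src)


def run_orderings():
    pkt = Packet("192.168.1.10", "198.51.100.7", b"hello")  # constructed sample packet
    public = "203.0.113.5"                                   # constructed public address
    return {
        # NAT first, then protection: the check is computed over the final addresses.
        "nat_then_ipsec": verify(protect(nat(pkt, public), True), True),
        # Protection first, then NAT: the receiver sees an address the sender never signed.
        "ipsec_then_nat": verify(nat(protect(pkt, True), public), True),
        # ESP-style check ignores the IP header, so the address rewrite goes unnoticed.
        "esp_style_then_nat": verify(nat(protect(pkt, False), public), False),
    }


if __name__ == "__main__":
    for name, ok in run_orderings().items():
        print(f"{name}: {'verifies' if ok else 'rejected'}")
```

Only the middle case is rejected, which matches the text: an address change after protection breaks any check that covers the addresses, while the ESP check leaves the IP datagram header out.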


 __________________

331. http://www.ietf.org/rfc/rfc1631.txt

332. Phifer, Lisa, “The Trouble with NAT,” http://www.cisco.com/warp/public/759/ipj_3-4/ipj_3-4_nat.html

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.