Wednesday, April 26, 2006

Inside/Outside Static/Dynamic NAT/PAT & Policy NAT

I am skeptical about the 100% authenticity of this terminology, but I guess most of it should be correct.

Inside dynamic NAT
Translates between host addresses on more secure interfaces and a range or pool of IP addresses on a less secure interface. This provides a one-to-one mapping between internal and external addresses that allows internal users to share registered IP addresses and hides internal addresses from view on the public Internet.

Inside dynamic PAT
Translates between host addresses on more secure interfaces and a single address on a less secure interface. This provides a many-to-one mapping between internal and external addresses. This allows internal users to share a single registered IP address and hides internal addresses from view on the public Internet. PAT is supported for fewer applications than is NAT. For restrictions on its use, refer to the "How Application Inspection Works" section on page 5-1 in Chapter 5, "Configuring Application Inspection (Fixup)."

Inside static NAT
Provides a permanent, one-to-one mapping between an IP address on a more secure interface and an IP address on a less secure interface. This allows hosts to access the inside host from the public Internet without exposing the actual IP address.

Outside dynamic NAT
Translates between a host address on a less secure interface and a range or pool of IP addresses on a more secure interface. This provides a one-to-one mapping between an external and an internal address. This is most useful for controlling the addresses that appear on inside interfaces of the PIX Firewall and for connecting private networks with overlapping addresses.

Outside dynamic PAT
Translates between host addresses on less secure interfaces and a single address on a more secure interface. This provides a many-to-one mapping between external addresses and an internal address.

Outside static NAT
Provides a permanent, one-to-one mapping between an IP address on a less secure interface and an IP address on a more secure interface.

Policy NAT
Translates source and destination address pairs to different global statements, even if the source address is the same. For example, traffic from IP address A to server A can be translated to global address A, while traffic from IP address A to server B can be translated to global address B.


These definitions are from Config Guide 6.3 of PIX Firewall.
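
As an added illustration (not taken from the configuration guide or the original post), this small Python model shows how the inside translation types defined above behave differently for new outbound flows, and how an address and port seen on the outside can be attributed back to an inside host. The class, method names and addresses are constructed; checking policy NAT first and falling back to PAT once the pool is used up are modelling assumptions.

```python
import ipaddress

class Xlate:
    """Simplified inside-to-outside translation table (a model, not PIX code)."""

    def __init__(self, pool, pat_addr, statics, policy):
        self.free = list(pool)        # dynamic NAT: unused global addresses
        self.pat_addr = pat_addr      # dynamic PAT: the one shared address
        self.statics = dict(statics)  # static NAT: permanent real -> global
        self.policy = [(ipaddress.ip_network(d), g) for d, g in policy]
        self.nat = {}                 # dynamic NAT slots: real ip -> global ip
        self.pat = {}                 # PAT slots: global port -> (real ip, real port)

    def translate(self, src, sport, dst):
        """Return the (global ip, global port) a new outbound flow appears as."""
        for net, glob in self.policy:             # policy NAT: destination decides
            if ipaddress.ip_address(dst) in net:
                return glob, sport
        if src in self.statics:                   # static NAT: fixed mapping
            return self.statics[src], sport
        if src not in self.nat and self.free:     # dynamic NAT: claim a pool address
            self.nat[src] = self.free.pop(0)
        if src in self.nat:
            return self.nat[src], sport
        if self.pat_addr is None:
            raise LookupError("pool exhausted and no PAT address configured")
        for gport, flow in self.pat.items():      # reuse an existing PAT slot
            if flow == (src, sport):
                return self.pat_addr, gport
        gport = 1024 + len(self.pat)              # PAT: new port on the shared address
        self.pat[gport] = (src, sport)
        return self.pat_addr, gport

    def real_source(self, glob, gport):
        """Attribute an address/port seen on the outside to an inside host."""
        if glob == self.pat_addr:
            return self.pat.get(gport, (None, None))[0]
        for table in (self.statics, self.nat):
            for real, mapped in table.items():
                if mapped == glob:
                    return real
        return None  # policy NAT globals are not tracked per host in this model


def build_example():
    # Constructed addresses from documentation ranges.
    return Xlate(pool=["198.51.100.10", "198.51.100.11"], pat_addr="198.51.100.5",
                 statics={"10.1.1.3": "198.51.100.12"},
                 policy=[("203.0.113.0/27", "198.51.100.129")])
```

With PAT, the global address alone does not identify an inside host; the translated port (and the time of the flow) is needed, which is why `real_source` takes both.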
