The translation is maintained for the duration of the connection and cleared when the session is
terminated. If the same host initiates another connection later, there is no guarantee that it will
acquire the same address from the mapped pool, because addresses are handed out on a first-come,
first-served basis. If every address in the pool is already in use, a new host's connection cannot be
translated and is dropped until an existing translation is cleared. Because the translated address varies
and no translation exists until the real host sends traffic, a user on the destination side cannot
initiate an inbound connection to a host behind dynamic NAT. Dynamic NAT and dynamic PAT therefore
support connections initiated from the real (inside) side only; return traffic for an existing
translation is passed, but new inbound connections are not.
Figure 6-10 shows how dynamic NAT works.
Figure 6-10. Dynamic NAT
Dynamic PAT
Dynamic PAT translates a group of real (private) addresses to a single mapped IP address, using the
combination of the mapped IP address and a translated source port number to make each session unique.
The same mapped IP address is therefore used for all packets, with a different source port for each
session. The Security Appliance translates the real source address and source port (the Layer 3 and
Layer 4 pair, or socket) to the mapped address and a unique port above 1024.
Each connection entails a separate translation because the source port differs for each connection. The
translation is maintained and remains valid for the duration of the connection.
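To make the difference between the two translation types concrete, the following Python model of the
translation (xlate) tables is added here as an illustration; it is not Cisco code and does not reproduce
the appliance's actual implementation. The pool addresses, inside hosts and the 1025-65535 mapped-port
range are constructed for the example, and port selection simply follows the "unique port above 1024"
rule stated in the text.

```python
"""Toy model of the Security Appliance's dynamic NAT and dynamic PAT translation
(xlate) tables. Added example, not Cisco code; the pool, hosts and port range
below are constructed for illustration."""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Socket:
    """A Layer 3/Layer 4 pair: IP address and port."""
    ip: str
    port: int


class DynamicNAT:
    """Dynamic NAT: a real host borrows one address from the mapped pool while it
    has active connections and returns it when the last connection is torn down."""

    def __init__(self, pool):
        self.free = deque(pool)    # addresses are handed out first-come, first-served
        self.mapped = {}           # real_ip -> mapped_ip (the xlate)
        self.active = {}           # real_ip -> number of connections using the xlate

    def outbound(self, real: Socket):
        """Real host opens a connection. Returns the mapped source IP, or None when
        the pool is exhausted (no translation can be built, so the packet is dropped)."""
        if real.ip not in self.mapped:
            if not self.free:
                return None
            self.mapped[real.ip] = self.free.popleft()
            self.active[real.ip] = 0
        self.active[real.ip] += 1
        return self.mapped[real.ip]

    def teardown(self, real: Socket):
        """Session ends; once no connection uses the xlate it is cleared and the
        address goes back on the pool for whichever host asks next."""
        self.active[real.ip] -= 1
        if self.active[real.ip] == 0:
            self.free.append(self.mapped.pop(real.ip))
            del self.active[real.ip]

    def inbound(self, mapped_ip: str):
        """Host on the mapped side sends to a pool address. Without a live xlate the
        appliance has no real address to translate the destination to: dropped."""
        for real_ip, m in self.mapped.items():
            if m == mapped_ip:
                return real_ip
        return None


class DynamicPAT:
    """Dynamic PAT: every real host shares one mapped IP; each connection gets its
    own xlate distinguished by a unique mapped port above 1024."""

    def __init__(self, mapped_ip: str, low: int = 1025, high: int = 65535):
        self.mapped_ip = mapped_ip
        self.low, self.high = low, high
        self.xlates = {}           # real Socket -> mapped Socket
        self.in_use = set()        # mapped ports currently allocated

    def outbound(self, real: Socket):
        """Returns the mapped socket for this connection (reused while the connection
        lives), or None when all mapped ports are in use."""
        if real in self.xlates:
            return self.xlates[real]
        port = next((p for p in range(self.low, self.high + 1)
                     if p not in self.in_use), None)
        if port is None:
            return None
        self.in_use.add(port)
        self.xlates[real] = Socket(self.mapped_ip, port)
        return self.xlates[real]

    def teardown(self, real: Socket):
        """Connection ends: its xlate is removed and the mapped port becomes free."""
        mapped = self.xlates.pop(real)
        self.in_use.discard(mapped.port)

    def inbound(self, mapped: Socket):
        """Reverse lookup used for return traffic; None means no xlate exists."""
        for real, m in self.xlates.items():
            if m == mapped:
                return real
        return None


if __name__ == "__main__":
    nat = DynamicNAT(["209.165.200.225", "209.165.200.226"])  # constructed pool
    a, b = Socket("192.168.1.10", 40000), Socket("192.168.1.11", 40001)
    print("a ->", nat.outbound(a), " b ->", nat.outbound(b))
    nat.teardown(a)
    print("c ->", nat.outbound(Socket("192.168.1.12", 40002)))        # takes a's old address
    print("a again ->", nat.outbound(Socket("192.168.1.10", 40003)))  # pool exhausted: None
    pat = DynamicPAT("209.165.200.230")
    for host in ("10.1.1.5", "10.1.1.6"):
        print(host, ":50000 ->", pat.outbound(Socket(host, 50000)))
```

Running the script directly walks through both cases: with dynamic NAT the third host is refused until the
first host's translation is cleared, after which the first host itself finds no address left; with PAT two
hosts using the same real source port still get distinct mapped sockets. On the appliance itself, `show
xlate` lists the live translations and is the quickest way to confirm which mapped address or port a host
currently holds.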