Port Address Translation

[Figure: Port Address Translation. Two inside hosts, 10.0.0.2 and 10.0.0.3, each send a packet from source port 49090 to destination address 172.30.0.50, destination port 23. After translation by the PIX Firewall, both packets carry the same source address, 192.168.0.15; the packet from 10.0.0.2 is given source port 2000 and the packet from 10.0.0.3 source port 2001. The destination address and destination port are unchanged.]

©2000, Cisco Systems,

CSPFA 1.01-2-20

Port Address Translation (PAT) combines an IP address with a source port number to identify each session uniquely. PAT uses the same IP address for all packets but assigns each session a different, unique source port greater than 1024.

PAT provides the following advantages:

■ PAT and NAT can be used together.

■ The PAT address is different from the outside interface address.

■ PAT provides for IP address expansion.

■ One outside IP address is used for up to 63,000 inside hosts.

■ PAT maps port numbers to a single IP address.

■ PAT hides the inside source address by using a single IP address from the PIX Firewall.

In the figure above, two clients are requesting connectivity to the Internet. The PIX Firewall checks its security rules to verify the security levels, and then replaces the source IP address with the PAT IP address. To maintain accountability, the source port is changed to a unique number greater than 1024, so that each translated session can still be traced back to the inside host that opened it.
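The following is an added example, not part of the original Cisco course material, that models the translation table the text describes in Python. It reuses the constructed addresses and ports from the figure (inside hosts 10.0.0.2 and 10.0.0.3, PAT address 192.168.0.15, destination 172.30.0.50 port 23) and shows the two points the paragraph makes: both inside hosts may use the same source port, so PAT must hand out distinct translated ports above 1024; and the table is what lets a reply be mapped back to, and attributed to, the right inside host. Unsolicited inbound packets with no table entry are dropped. The class and method names are this example's own, not PIX Firewall identifiers.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """The four header fields PAT cares about (constructed sample data, not captured traffic)."""
    src_addr: str
    src_port: int
    dst_addr: str
    dst_port: int


# An inside session is identified by (inside src addr, inside src port, dst addr, dst port).
Flow = Tuple[str, int, str, int]


class PatTable:
    """Minimal model of a PAT table: one outside address, one unique source port per session."""

    def __init__(self, pat_addr: str, first_port: int = 1025, last_port: int = 65535):
        self.pat_addr = pat_addr
        self.next_port = first_port          # text: translated ports are greater than 1024
        self.last_port = last_port
        self.outbound: Dict[Flow, int] = {}  # inside flow -> translated source port
        self.inbound: Dict[Tuple[int, str, int], Flow] = {}  # (xlate port, peer addr, peer port) -> inside flow

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of an inside->outside packet to (PAT addr, unique port)."""
        key: Flow = (pkt.src_addr, pkt.src_port, pkt.dst_addr, pkt.dst_port)
        port = self.outbound.get(key)
        if port is None:
            # New session: allocate the next free port. Two inside hosts using the same
            # source port (both 49090 in the figure) still get different translated ports.
            if self.next_port > self.last_port:
                raise RuntimeError("PAT port pool exhausted")
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(port, pkt.dst_addr, pkt.dst_port)] = key
        # Destination address and port are left unchanged, as in the figure.
        return Packet(self.pat_addr, port, pkt.dst_addr, pkt.dst_port)

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map a reply from outside back to the inside host; None means no session exists (drop)."""
        if pkt.dst_addr != self.pat_addr:
            return None
        key = self.inbound.get((pkt.dst_port, pkt.src_addr, pkt.src_port))
        if key is None:
            return None  # unsolicited inbound traffic: no table entry, so the firewall drops it
        inside_addr, inside_port, _, _ = key
        return Packet(pkt.src_addr, pkt.src_port, inside_addr, inside_port)

    def owner_of(self, xlate_port: int, peer_addr: str, peer_port: int) -> Optional[str]:
        """Accountability lookup: which inside host is behind a given translated port?"""
        key = self.inbound.get((xlate_port, peer_addr, peer_port))
        return key[0] if key else None


def demo() -> List[Packet]:
    """Replay the figure: two clients to 172.30.0.50:23, translated ports starting at 2000."""
    table = PatTable("192.168.0.15", first_port=2000)
    client_a = Packet("10.0.0.2", 49090, "172.30.0.50", 23)
    client_b = Packet("10.0.0.3", 49090, "172.30.0.50", 23)
    translated = [table.translate_outbound(client_a), table.translate_outbound(client_b)]
    # Reply to the second session comes back addressed to the PAT address, port 2001.
    reply = Packet("172.30.0.50", 23, "192.168.0.15", 2001)
    translated.append(table.translate_inbound(reply))
    return translated


if __name__ == "__main__":
    for p in demo():
        print(p)
```

The `owner_of` lookup is the defender's view of the same table: when an outside party reports traffic from 192.168.0.15 port 2001, the PAT table (or the firewall's translation log) is the only record tying that port to 10.0.0.3, which is why the text stresses accountability and why translation logs should be retained.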
