Solution
There are two kinds of Hide IP address: a virtual address, or the IP address of
the VPN-1/FireWall-1 interface leading to the Internet. A "virtual" address is
an address separate from the VPN-1/FireWall-1 Security Gateway's own
configuration, and it must be routable on the Internet. When Administrators use
the leading interface of the VPN-1/FireWall-1 Gateway as the Hide NAT address,
no additional IP address is necessary: the VPN-1/FireWall-1 interface hides all
internal hosts, and their traffic appears to emanate from the Gateway.
Two privately addressed hosts, 10.1.1.1 and 10.1.1.2, are accessing Web sites
on the Internet. As each HTTP request exits the Gateway, both show a source
address of the Gateway: 172.21.101.1. Although the traffic seems to
emanate from the same source, the HTTP requests are processed by the
Gateway on different ports.
VPN-1/FireWall-1 remembers the ports associated with the requests. When the
reply is returned from the Web site on the Internet, the VPN-1/FireWall-1
Gateway can translate the reply packets to the private IP addresses, based on
the port associated with the reply.
The translated source port is taken from one of two ranges:
- 600 to 1023
- 10,000 to 60,000
VPN-1/FireWall-1 tracks the port number changes and uses the port numbers to
determine how to translate the reply packets sent to the Hide NAT address.
Although port numbers are constantly being assigned to exiting packets, no
source port number can be used by more than one connection at a time. The
limit on the number of simultaneous Hide NAT connections is 50,000 internal
requests to the same external server.
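The port-based translation described above, modelled as an added Python example (not Check Point's code): two internal hosts leave with the Gateway address 172.21.101.1, replies are mapped back by the port they arrive on, each port belongs to one live connection, and an exhausted pool refuses new connections. The check that a reply comes from the server the request went to is an assumption of this example, not something the page states.

```python
from collections import deque
from dataclasses import dataclass

HIDE_ADDR = "172.21.101.1"                      # the Gateway's Internet-facing address from the text
PORT_RANGES = ((600, 1023), (10_000, 60_000))   # source-port pools quoted on the page


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class HideNAT:
    """Toy model of Hide NAT: every internal host leaves the Gateway with the same
    source address, and only the rewritten source port tells the flows apart."""

    def __init__(self, hide_addr=HIDE_ADDR, ranges=PORT_RANGES):
        self.hide_addr = hide_addr
        self.free_ports = deque(p for lo, hi in ranges for p in range(lo, hi + 1))
        self.table = {}  # translated src port -> (private ip, private port, server ip, server port)

    def outbound(self, pkt):
        """Rewrite an exiting packet; each live connection owns one translated port."""
        if not self.free_ports:
            raise RuntimeError("Hide NAT port pool exhausted")
        port = self.free_ports.popleft()
        self.table[port] = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return Packet(self.hide_addr, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Map a reply back to the private host using the port it was sent to.
        Assumed hardening: the reply must come from the server the request went to,
        so unsolicited packets aimed at the hide address are dropped (None)."""
        entry = self.table.get(pkt.dst_port)
        if pkt.dst_ip != self.hide_addr or entry is None or entry[2:] != (pkt.src_ip, pkt.src_port):
            return None
        priv_ip, priv_port, _, _ = entry
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port)

    def close(self, hide_port):
        """Release the port when the connection ends so it can be reused."""
        del self.table[hide_port]
        self.free_ports.append(hide_port)

    def free_count(self):
        return len(self.free_ports)


def exhaustion_demo():
    """With a constructed 3-port pool, a fourth simultaneous connection is refused."""
    nat = HideNAT(ranges=((600, 602),))
    for i in range(3):
        nat.outbound(Packet("10.1.1.1", 40000 + i, "203.0.113.10", 80))
    try:
        nat.outbound(Packet("10.1.1.2", 40000, "203.0.113.10", 80))
    except RuntimeError:
        return True
    return False
```

Both hosts deliberately use the same private source port (40001) so that only the translated port distinguishes their connections.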