The DialNAT
By Network Safety

Network Safety is proud to announce the newest member of its product line. Meet the DialNAT! This device provides dial-on-demand PPP access for the small business, schools, remote library branches or even the home! Sharing many of the features of our LAN-only NetNAT product, the DialNAT brings dedicated line convenience to the small remote LAN, and at dial connection costs.

DialNAT Overview

The DialNAT is your IP Router in a Dial PPP connection. Instead of dialing your Internet Service Provider from a user PC, the DialNAT places the call when anyone on your local LAN attempts an IP connection to a system that is not local. The DialNAT negotiates the connection and then provides full IP access for each and every computer on your LAN. Since the DialNAT is an enhanced RFC 1631 NAT as well, your Service Provider and the rest of the Internet have no idea you are doing this. All of your computers share the IP Address of the DialNAT!

DialNAT Features

Our DialNAT is an IP Router with a bunch of extra features. It provides:

Internet Access Control
Dial-on-Demand PPP with PAP and IP Address Negotiation
Sharing of the PPP Connection by All Computers
Sharing of an IP Address by All Computers
Security to Protect Your Local Computers from the Internet
Improvement Over a Dial PPP Stack on a PC

Dial-on-Demand PPP with PAP and IP Address Negotiation

If your local computers are configured to use the DialNAT as their "default gateway," then any time a local user attempts to access a non-local service, the user's computer will try to use the DialNAT to accomplish that access. If the DialNAT's PPP connection is not up at the time, the DialNAT will attempt to bring it up by placing a call to your Internet Service Provider. Once connected, the DialNAT will keep the line up until a specified amount of idle time has passed.

During the connection phase, the DialNAT will converse with the ISP's equipment to negotiate a connection that will work. This can include the Internet Protocol Address that your DialNAT will use for the duration of the connection. If your ISP does not use IP Address negotiation, you may configure your DialNAT to use a pre-assigned Address.

If your ISP requires PAP authentication, which is just more verification that you're really you, the DialNAT can support that as well.

Your users do not become involved in any of this process. The DialNAT assumes the connection responsibility.

Sharing of the PPP Connection by All Computers

Once the PPP connection is in place, all user computers share it for Internet access. The old battle for the modem and phone line has become a distant memory, and you don't need to buy lots of modems, lines and accounts, just to get multiple users connected at once. Users may access offsite services as desired. Of course, if two users are fetching large files at the same time, they will notice a decrease in apparent bandwidth. Even with this occasional inconvenience the benefits outway the drawbacks.

Sharing of an IP Address by All Computers

Where the DialNAT differs from other dial access routers is in its innovative IP Address Sharing. This makes all of your local computers appear to be just one big computer to the Internet. The DialNAT modifies the messages from your computers, substituting the IP Address that your Internet Service Provider gave you, and does the opposite on messages from the outside to you. This is an extension of the NAT specification "RFC 1631" that was pioneered by Network Safety. For more details please see our NetNAT Specification. The DialNAT is the only dial access router providing this feature.

Increased Security

Everyone needs a firewall, and the DialNAT provides firewall security and more. First of all, only client requests from within your network and matching responses can pass through the DialNAT, unless you specifically configure it otherwise. If you choose to allow one or more of your internal servers to be "seen" by the Internet, you must explicitly define those to the DialNAT. The DialNAT can even "move" those services to different ports on your internal servers, if you have separate services for inside and outside. For details, please see Virtual Servers in our NetNAT Specification. Any other service is rejected at the PPP interface of the DialNAT. If you have a UNIX host on the inside, the DialNAT will be happy to log these rejected requests by way of the syslog facility. That way you may monitor the attempts. No other Dial Demand Router does this!

All information about your internal network is obscured by the DialNAT's address and port translation activities. Nobody knows how many workstations or hosts you have, or what network addressing scheme you're using inside. Most importantly, this is being done in a way that is not obvious to the outside world. To them, your world looks like a big UNIX, AIX or NT host with a lot of users! Let someone else give clues to the malicious!

Why a DialNAT is Better Than a Dial Stack on a PC

Need we say more? If this PC has the dial line, your connection is history. If this PC was accessing the Internet through a DialNAT, as soon as the reboot is done, the user may continue work. The connection will still be there!

This page was last modified on December 6, 1995.

This information is proprietary to Network Safety. Network Safety, WebElite, DialNAT and NetNAT are trademarks of Network Safety. For information on our products and services, please contact our sales department.

This page was prepared using WebElite, our professional editor for the Web.

The DialNATBy Network Safety