NAT Benefits for New Users
The Olden Days
Back in ancient history (really just two years ago), your organization
could request and be issued a network address of your own that could be
used on the Internet. Those days are gone, largely due to the surprise
explosion of interest in the Internet. The problem that appeared
relates to the size of the Internet routing tables that control the
direction each message takes as it runs through the Internet to its
destination. The tables are simply too large to allow discrete routes
to small isolated networks like that. Now, instead of being assigned
your own network to keep forever, you are "loaned" a network by your
Internet Service Provider. That's fine until you have to
switch providers.
Independence from Your ISP
Sometimes our needs or preferences change, or we simply must switch our
provider for reasons beyond our control. When that happens, and you
are using loaned IP Addresses within your organization, you will need to
reconfigure each and every computer to the new
addresses that your new provider loans you. Do you have the time and
staff to do this? Do you want to hire someone to do it? With our NAT
products, you don't have to do it at all!
Our NAT Products
With one of our NAT products, you use "private" IP Addresses from
the list defined in Internet Standard RFC
1597, rather than addresses loaned to you by your provider.
The "other side" of the NAT, the side that your provider connects to,
uses a single IP Address from the provider's assigned addresses.
All messages that leave your site and go out through your provider
use the outside address. None of your inside addresses are visible
to anyone. If you change providers, only the outside address needs
to be changed. Your inside addresses never need to be touched.
How does it work? Read on for the short answer, or follow the link to
the complete techie details?
Network Address Translation
The Short Answer
Each of our NAT products acts like an IP router. The Internet
Service Provider assigns an IP Address from his assigned numbers to the
ISP's side of the NAT. On "the other side" of the NAT (your private
Intranet), almost any IP Addresses may be used. If none are in use yet,
we recommend the "private" addresses from
RFC 1597. These are free to use
forever, but for internal use only.
When a user computer on the "inside" sends a message to the outside
world via the NAT, the NAT keeps track of the actual "inside" address of
that computer, but substitutes the assigned "outside" address into the
message before it is sent into the Internet. When a reply comes back
from the outside, the NAT restores the actual address before sending the
reply to the user computer.
There are cases that get more complicated than this, and if you are
interested, you should read the
complete techie details.
Internet Security
We're all concerned about security, and our NAT helps you here. Only
messages that exactly match a connection are permitted
in from the Internet. This means that only messages that are in
response to your requests may enter your Intranet, unless you explicitly
allow them through configuration. Competing NATs that provide a simple
mapping of IP Addresses may unintentionally give the hacker a window
into your Intranet.
This page was last modified on April 19, 1996.
Copyright © 1996 Network Safety
This information is proprietary to Network Safety. Network Safety, WebElite and NetNAT
are trademarks of Network Safety. For information on our products and services,
please contact our sales department.
This page was prepared using WebElite, our professional editor for the Web.