ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzatj_5.4.0.1/icnat.htm

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="dc.language" scheme="rfc1766" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights                   -->
<!-- Use, duplication or disclosure restricted by            -->
<!-- GSA ADP Schedule Contract with IBM Corp.                -->
<meta name="dc.date" scheme="iso8601" content="2005-09-06" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2004, 2006" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow"/>
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<title>Network address translation (NAT)</title>
<link rel="stylesheet" type="text/css" href="ibmidwb.css" />
<link rel="stylesheet" type="text/css" href="ic.css" />
</head>
<body>
<a id="Top_Of_Page" name="Top_Of_Page"></a><!-- Java sync-link --> 
<script language = "Javascript" src = "../rzahg/synch.js" type="text/javascript"></script>


<a name="icnat"></a>
<h3 id="icnat">Network address translation (NAT)</h3>
<p>Network Address Translation (NAT) translates internal or private IP addresses
to public or globally routable IP addresses and also translates ports. In
order for the Universal Connection to connect to IBM&reg; through a NAT, you must enable NAT traversal,
as described in the <a href="../rzaja/rzajaudpencap.htm">NAT compatible IPSec</a> topic,
so that the translation of the address does not break the encrypted data flow.
The Universal Connection wizard automatically enables this technology.</p>
<p>NAT provides the following advantages:</p>
<ul>
<li>NAT saves public IP addresses. Because a client only needs a public IP
address when it is communicating with the Internet, the pool of globally routable
IP addresses can be shared with other clients. Therefore, you need fewer public
IP addresses than the actual number of internal clients that need access to
the public network if you use NAT. When your private IP address sends traffic
through the NAT, this software translates the private address to the public
address. This feature and the ability to translate both the IP address and
port (NAT port mapping) make it possible, in many NAT implementations, to
require only one public IP address.</li>
<li>NAT hides the internal network's IP addresses.</li>
<li>It simplifies routing. Since internal hosts are assigned IP addresses
from the internal network, other internal systems can access them without
special routes or routers. The same hosts are accessed from the public network
through globally routable IP addresses translated by NAT.</li>
<li>NAT is transparent to the client and, therefore, allows you to support
a wider range of clients.</li>
<li>NAT supports a wide range of services with a few exceptions. Any application
that carries and uses the IP address inside the application does not work
through NAT.</li>
<li>NAT consumes fewer computer resources and is more efficient than using
SOCKS and application proxy servers.</li>
<li>The Universal Connection can flow through NAT.</li></ul>
<p>Some disadvantages of NAT include the following:</p>
<ul>
<li>NAT provides minimum logging services.</li>
<li>You must enable IP forwarding before you can use NAT to make an Internet
connection.</li>
<li>NAT is not as adept as either the SOCKS or application proxy servers in
detecting attacks.</li>
<li>NAT can break certain applications, or make these applications more difficult
to run.</li></ul>
<a id="Bot_Of_Page" name="Bot_Of_Page"></a>
</body>
</html>