I think Nathan is referring to Cisco's definitions (PIX). It seems that there is no standard terminology; your definition of dynamic NAT is Cisco's definition of PAT. As far as RRAS, I know you can set it up with ISA to deliver true (static) NAT for VPN, but how would you use it with ISA to deliver NAT for Internet Proxy use? ----- Original Message ----- From: "Jim Harrison" <jim@xxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Friday, December 21, 2001 9:57 AM Subject: [isalist] Re: ISA NAT or PAT > http://www.ISAserver.org > > > ISA does perform NAT, which is actually nothing more than changing address > headers within TCP/IP packets as they cross, be it ISA or a $40 Linksys > device. > I think you're confusing static NAT with secureNAT, a concept used in ISA > and other firewall / proxy devices like BigIP. > RRAS performs static NAT, where every packet using a specific internal IP > can be mapped to a specific external IP and vice-versa. > ISA , et al, perform dynamic NAT, where the packet source / destination IP > is changed according to the rules defined. > ISA lacks the ability to create a static mapping between IPs because the > security model of ISA is port/protocol/-based. > They avoided "reinventing the wheel" in that area, because if you want that > functionality, you can easily set up RRAS and manage it that way.. > > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/authors/harrison/ > Read the book! > > ----- Original Message ----- > From: "Nathan Sutton" <nathan.sutton@xxxxxxxxxx> > To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > Sent: Thursday, December 20, 2001 17:13 > Subject: [isalist] ISA NAT or PAT > > > http://www.ISAserver.org > > > Hello All, > > Network Address Translation is the ability to translate from a series > (pool) of public IP addresses to private Ip addresses in a one-to-one > fashion. > > From my experience, and from reading material, ISA's implementation of NAT > ir really PAT. Where the ISA server maintains a table of port to IP > addresses, i.e. a Socket table. > > The reason for the question is because there is no way to assign a pool of > IP addresses within ISA as you can within RRAS. The NAT configuration is > not exposed anywhere in the ISA MMC interface.2 - > > Thanks. > > Nathan Sutton. > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > jim@xxxxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub') > > > > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: wit@xxxxxxxxxx > To unsubscribe send a blank email to $subst('Email.Unsub')