Re: ISA NAT or PAT
- From: "Work" <wit@xxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Fri, 21 Dec 2001 10:32:23 -0500
I think Nathan is referring to Cisco's definitions (PIX). It seems that
there is no standard terminology; your definition of dynamic NAT is Cisco's
definition of PAT.
As far as RRAS, I know you can set it up with ISA to deliver true (static)
NAT for VPN, but how would you use it with ISA to deliver NAT for Internet
Proxy use?
----- Original Message -----
From: "Jim Harrison" <jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Friday, December 21, 2001 9:57 AM
Subject: [isalist] Re: ISA NAT or PAT
> http://www.ISAserver.org
>
>
> ISA does perform NAT, which is actually nothing more than changing address
> headers within TCP/IP packets as they cross, be it ISA or a $40 Linksys
> device.
> I think you're confusing static NAT with secureNAT, a concept used in ISA
> and other firewall / proxy devices like BigIP.
> RRAS performs static NAT, where every packet using a specific internal IP
> can be mapped to a specific external IP and vice-versa.
> ISA , et al, perform dynamic NAT, where the packet source / destination IP
> is changed according to the rules defined.
> ISA lacks the ability to create a static mapping between IPs because the
> security model of ISA is port/protocol/-based.
> They avoided "reinventing the wheel" in that area, because if you want
that
> functionality, you can easily set up RRAS and manage it that way..
>
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/authors/harrison/
> Read the book!
>
> ----- Original Message -----
> From: "Nathan Sutton" <nathan.sutton@xxxxxxxxxx>
> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
> Sent: Thursday, December 20, 2001 17:13
> Subject: [isalist] ISA NAT or PAT
>
>
> http://www.ISAserver.org
>
>
> Hello All,
>
> Network Address Translation is the ability to translate from a series
> (pool) of public IP addresses to private Ip addresses in a one-to-one
> fashion.
>
> From my experience, and from reading material, ISA's implementation of NAT
> ir really PAT. Where the ISA server maintains a table of port to IP
> addresses, i.e. a Socket table.
>
> The reason for the question is because there is no way to assign a pool of
> IP addresses within ISA as you can within RRAS. The NAT configuration is
> not exposed anywhere in the ISA MMC interface.2 -
>
> Thanks.
>
> Nathan Sutton.
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jim@xxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
>
>
>
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
wit@xxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
