Network address translation

NAT lets the SafeLinx Server act as an agent between a public network and a private network.

NAT is based on RFC 1631 and relies on the fact that IP addresses used inside one stub domain can be reused in other stub domains. In a stub domain, such as a corporate network that handles only traffic that originates from or is destined for hosts inside the network, few IP addresses have to be globally unique (that is, unique on the Internet). As a result, only a single, unique IP address is required to represent an entire group of computers.

NAT first defines a range of unique IP source addresses, then randomly assigns each originating packet a port number (1024 through 65535). It keeps the mapping of the packet to one of these addresses and the port number in a translation table for the duration of a TCP session, or until a timeout occurs for a TCP session or UDP connection.

Without NAT, MNIs extend the corporate network IP address space to the SafeLinx Clients and use one address per SafeLinx Client. With NAT, you can use any IP address space that you want for an MNI, and map it to one or a few addresses of the corporate network IP address space. For a corporate network without many addresses to spare, NAT expands your addressable SafeLinx Clients by up to 64,000 for every real intranet address that is assigned to the NAT.
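
The translation table described above, sketched as an added example (not SafeLinx code): each private endpoint is mapped to an address from the NAT pool and a random port from 1024 through 65535, and idle mappings expire. The class and method names and the 300-second idle timeout are assumptions made for illustration.

```python
import random
import time

PORT_MIN, PORT_MAX = 1024, 65535  # port range given on the page

class NatTable:
    """Port-translating NAT table (illustrative sketch, hypothetical names)."""
    def __init__(self, public_addrs, idle_timeout=300.0, clock=time.monotonic):
        self.public_addrs = list(public_addrs)  # real addresses assigned to the NAT
        self.idle_timeout = idle_timeout        # seconds; assumed value
        self.clock = clock
        self.rng = random.SystemRandom()        # this example's choice of RNG
        # out: private key -> public pair; back: public key -> private pair
        self.out, self.back, self.last_seen = {}, {}, {}

    def expire(self):
        """Drop mappings that have been idle longer than the timeout."""
        now = self.clock()
        stale = [k for k, t in self.last_seen.items() if now - t > self.idle_timeout]
        for key in stale:
            pub_ip, pub_port = self.out.pop(key)
            del self.back[(key[0], pub_ip, pub_port)]
            del self.last_seen[key]

    def translate_outbound(self, proto, priv_ip, priv_port):
        """Return (public_ip, public_port) for a packet leaving the private side."""
        self.expire()
        key = (proto, priv_ip, priv_port)
        if key not in self.out:
            pub = self._allocate(proto)
            self.out[key] = pub
            self.back[(proto, *pub)] = (priv_ip, priv_port)
        self.last_seen[key] = self.clock()      # refresh the idle timer
        return self.out[key]

    def translate_inbound(self, proto, pub_ip, pub_port):
        """Return the private endpoint for a reply, or None if no mapping exists."""
        self.expire()
        return self.back.get((proto, pub_ip, pub_port))

    def _allocate(self, proto):
        # Random address order and random starting port, then probe the whole
        # range so allocation only fails when every address/port pair is in use.
        span = PORT_MAX - PORT_MIN + 1          # 64,512 ports per public address
        for ip in self.rng.sample(self.public_addrs, len(self.public_addrs)):
            start = self.rng.randrange(span)
            for i in range(span):
                port = PORT_MIN + (start + i) % span
                if (proto, ip, port) not in self.back:
                    return ip, port
        raise RuntimeError("NAT address/port pool exhausted")
```

An inbound lookup that matches no table entry returns `None`, which is the point at which a NAT discards traffic that no inside host initiated.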