6.7.5.2. Types of NAT policies

Application-level Gateway supports the following types of NAT policies. For details on the parameters of these NAT policies, see Section 5.8, Module NAT in Proxedo Network Security Suite 1.0 Reference Guide.

NAT policyDescription
General NATSimple mapping based on the original and desired address(es). General NAT can be used to map a set of IP addresses (a subnet) to either a single IP address or to a set of IP addresses (a subnet). For details, see Section 5.8.4, Class GeneralNAT in Proxedo Network Security Suite 1.0 Reference Guide.
StaticNATThis option can be used to specify a single IP address/port pair to use in address transforms. It is mainly used in DNAT configurations where incoming traffic must be directed to an internal or DMZ server that has a private IP address. Specifying port translation is optional. When used in conjunction with SNAT, StaticNAT can be used to map to IP alias(es). For details, see Section 5.8.12, Class StaticNAT in Proxedo Network Security Suite 1.0 Reference Guide.
OneToOneNATIn OneToOneNAT mapping you must configure IP address mappings for your address sets (domains) individually. In other words, OneToOneNAT maps networks to networks — with the possibility that your networks consist of single IP addresses. To use OneToOneNAT the two networks must be of the same size. For details, see Section 5.8.10, Class OneToOneNAT in Proxedo Network Security Suite 1.0 Reference Guide.
OneToOneMultiNATThis option maps multiple IP address domains to multiple IP address domains. It is primarily useful for large-scale, enterprise deployments. It is like OneToOneNAT but can have multiple NAT mappings. For details, see Section 5.8.9, Class OneToOneMultiNAT in Proxedo Network Security Suite 1.0 Reference Guide.
RandomNATIt means that the firewall selects an IP address from the configured NAT pool randomly for each new connection attempt. Once a communication channel (a session) is established, subsequent packets belonging to the same session use the same IP address. The port number used in RandomNAT transforms can be fixed, even for each IP address used in the NAT pool separately. It is ideal when you want to distribute the load (use) of addresses in your NAT pool evenly and you do not have specific requirements for fixed address allocations such as IP based authentication. For details, see Section 5.8.11, Class RandomNAT in Proxedo Network Security Suite 1.0 Reference Guide.
HashNATIt maps individual IP addresses to individual IP addresses very quickly, using hash values to determine mappings and storing them in hash tables. For details, see Section 5.8.5, Class HashNAT in Proxedo Network Security Suite 1.0 Reference Guide.
NAT46NAT46 embeds an IPv4 address into a specific portion of the IPv6 address, according to the NAT46 specification described in RFC6052. For details, see Section 5.8.6, Class NAT46 in Proxedo Network Security Suite 1.0 Reference Guide.
NAT64NAT64 maps specific bits of the IPv6 address to IPv4 addresses according to the NAT64 specification described in RFC6052. For details, see Section 5.8.7, Class NAT64 in Proxedo Network Security Suite 1.0 Reference Guide.

Table 6.2. NAT solutions