Thursday, August 6, 2009

The basic definitions of NAT / PAT are obvious and need no further explanation, so we will move on to something important on Juniper, i.e. APPLICATION-LEVEL GATEWAYS

-> Some protocols include some combination of IP addresses and TCP or UDP ports in their payload. If a router is configured to perform NAT and translates only the Layer 3 and Layer 4 headers, the IP addresses and TCP or UDP ports that these protocols carry in the payload will be wrong and may prevent the application from running properly.

-> Additionally, some protocols have control connections that begin other sessions. Because these sessions are created dynamically and often use random port numbers, the firewall rules will likely not allow these sessions.

-> Application-level gateways (ALGs) allow the router to interact with protocols at Layer 4 and above.

-> When you configure the router to use an ALG, it inspects the payload of connections, translating IP addresses and ports in the payload and updating the sessions started by the control connection.
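
The two jobs described above (rewriting addresses in the payload and permitting the session the control connection announces) can be seen in a small model. This is an added example, not code from the original post or from Juniper; it assumes active-mode FTP as the protocol, whose `PORT h1,h2,h3,h4,p1,p2` command carries the client's IP and port in the payload, and `ToyFtpAlg`, its methods and all addresses are hypothetical, constructed values.

```python
import re

# Active-mode FTP announces the client's data endpoint inside the payload.
PORT_RE = re.compile(
    r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")


class ToyFtpAlg:
    """Toy model of an ALG for active-mode FTP behind source NAT (hypothetical)."""

    def __init__(self, public_ip, first_public_port=50000):
        self.public_ip = public_ip
        self.next_port = first_public_port
        # (server_ip, public_ip, public_port) -> (inside_ip, inside_port)
        self.expected = {}

    def process_control_line(self, line, server_ip):
        """Return (rewritten_line, length_delta); non-PORT lines pass unchanged."""
        m = PORT_RE.match(line)
        if not m:
            return line, 0
        octets = [int(x) for x in m.groups()]
        if any(o > 255 for o in octets):
            return line, 0  # malformed: do not rewrite, do not open anything
        inside_ip = ".".join(str(o) for o in octets[:4])
        inside_port = octets[4] * 256 + octets[5]
        public_port = self.next_port
        self.next_port += 1
        # Dynamic session: one inbound data connection, from this server only.
        self.expected[(server_ip, self.public_ip, public_port)] = (
            inside_ip, inside_port)
        rewritten = "PORT {},{},{}\r\n".format(
            self.public_ip.replace(".", ","), public_port >> 8, public_port & 0xFF)
        # If the payload length changes, TCP sequence numbers need adjusting too.
        return rewritten, len(rewritten) - len(line)

    def match_data_session(self, src_ip, dst_ip, dst_port):
        """Return the inside (ip, port) for an announced data session, else None."""
        return self.expected.pop((src_ip, dst_ip, dst_port), None)


if __name__ == "__main__":
    alg = ToyFtpAlg("203.0.113.5")                      # constructed public address
    print(alg.process_control_line("PORT 192,168,1,10,19,137\r\n", "198.51.100.7"))
    print(alg.match_data_session("198.51.100.7", "203.0.113.5", 50000))
```

Without the rewrite, the server would try to connect to 192.168.1.10, which is unreachable from outside; without the expected-session entry, the inbound data connection would match no firewall rule.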
