1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

hey man if NAT and PAT didn't exist what could shortcomings be ?

Discussion in 'Networks' started by kobem, Dec 9, 2007.

  1. kobem

    kobem Megabyte Poster

    791
    1
    50
    hey man , i returned ... i spend my time by researching ip subjects about thesis...
    it is too hard to do..

    question :

    NAT/PAT is used to match one or more private addresses to a public address. (you know)

    my main purpose to ask that think about you have 5 end devices (PCs) at home
    but only one modem and these PCs want to connect to internet.

    by using PAT we could get them to internet but if PAT didn't exist what could solution be?


    as far as i know if we use NAT/PAT source address is not considered our private address
    but the local address of gateway am i wrong?
     
    Certifications: CCNA
  2. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    If NAT\PAT didn’t exist you would have to use an external IP address for each of your hosts. Obviously there isn’t many external IP addresses left (until IPv6) hence why NAT is used.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  3. kobem

    kobem Megabyte Poster

    791
    1
    50
    you mean , in that position everybody at that home would have to acquire a public address
    and also their local network becomes visible to outside and ip address depletion
    speed would increase ?

    and with NAT/PAT local address of our modem or modem-like device is visible to
    outside not our private ip OK ?
     
    Certifications: CCNA
  4. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    Yes 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  5. kobem

    kobem Megabyte Poster

    791
    1
    50
    is my sentence true below

    "as far as i know if we use NAT/PAT source address is not considered our private address
    but the local address of gateway am i wrong?"


    and if NAT is not used , for the security would IPsec or VPN be got to it ?
     
    Certifications: CCNA
  6. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319

    For security, use a firewall 8)
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  7. kobem

    kobem Megabyte Poster

    791
    1
    50
    at that time in which conditions is ipsec used? ...

    and

    if we use NAT what could be taken as source the local address of gateway or public side of it?

    and i ask the same for IPsec ? i suppose that source is the real source
     
    Certifications: CCNA
  8. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  9. kobem

    kobem Megabyte Poster

    791
    1
    50
    hey i found this for NAT : "NAT also adds to security as it disguises the internal network's structure: all traffic appears to outside parties as if it originates from the gateway machine."

    i know this but due to this fact (about NAT) ; the local side of gateway is the source or public side ?

    ................
    and for ipsec , all data is encrypted so unwanted traffic can not interfere ...
    but still can't comprehend why is ipsec not used at a NATted device?

    and about ipsec , source is the real originating device
     
    Certifications: CCNA
  10. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    Basically if you have a point to point VPN between two sites the traffic is encrypted however when the traffic gets to the VPN endpoint it is no longer encrypted as the packet then routes to whatever resource you need to access on the remote LAN. Any data sent back to you is then encrypted, sent through the VPN tunnel and then decrypted at the VPN endpoint.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  11. kobem

    kobem Megabyte Poster

    791
    1
    50


    i know this but due to this fact (about NAT) ; the local side of gateway is the source or public side ?

    and about ipsec , source is the real originating device?
     
    Certifications: CCNA
  12. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    The source is always the real originating device, the data has to get back to that address somehow doesnt it? :blink
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  13. kobem

    kobem Megabyte Poster

    791
    1
    50
    no , i didn't mention the thing you said...

    in NAT , source is not the end device source is the outsider device?

    in ipsec , source is the end device?
     
    Certifications: CCNA
  14. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    For NAT it depends on how it is configured. You may have a one to one NAT rule which translates a published IP address to a local IP address, this could be a web server or a mail server.

    For IPSec you have an end point IP address (WAN IP), which then decrypts the VPN traffic.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010

Share This Page

Loading...