ZyXEL Communications 2304R-P1 User Manual

Prestige 2304 Support Notes

All contents copyright (c) 2005 ZyXEL Communications Corporation.

78

When Prestige acting as SUA receives a packet from a local client destined for the outside Internet, it replaces

the source address in the IP packet header with its own address and the source port in the TCP or UDP header

with another value chosen out of a local pool. It then recomputed the appropriate header checksums and

forwards the packet to the Internet as if it is originated from Prestige using the IP address assigned by ISP.

When reply packets from the external Internet are received by Prestige, the original IP source address and

TCP/UDP source port numbers are written into the destination fields of the packet (since it is now moving in

the opposite direction), the checksums are recomputed, and the packet is delivered to its true destination. This is

because SUA keeps a table of the IP addresses and port numbers of the local systems currently using it.

What is the difference between NAT and SUA?

NAT is a generic name defined in RFC 1631 'The IP Network Address Translator (NAT)'. SUA (Internet

Single User Account) is ZyXEL's implementation and trade name for functioning PAT which is a specific type

of NAT. SUA (or PAT for NAT) translates address into port mapping.

The primary motivation for RFC 1631 is that there is not enough IP address to go around. In addition, many

corporations simply did not bother to obtain legal (globally unique) IP addresses for their networks and now

finding themselves unable to connect to the Internet.

Basically, NAT is a process of translating one address to another. A NAT implementation can be as simple as

substituting an IP address with another. This allows a network to rectify the illegal address problem mentioned

above without going through each and every host.

The design goal of ZyXEL's SUA is to minimize the Internet access cost in a small office environment by using

a single IP address to represent the multiple hosts inside. It does more than IP address translation, so that

multiple hosts on the LAN can access the Internet at the same time.

How many network users can the SUA/NAT support?

The Prestige does not limit the number of the users but the number of the sessions. The Prestige supports 1024

sessions that you can use the 'ip nat iface enif0 disp' command in menu 24.8 to view the current active sessions.

What are Device filters and Protocol filters?

In ZyNOS, the filters have been separated into two groups. One group is called 'device filter group', and the

other is called 'protocol filter group'. Generic filters belong to the 'device filter group', TCP/IP and IPX filters

belong to the 'protocol filter group'.