Public IP addresses are registered and can be used within a public network, such as the Internet. Due to the limitation of IP version 4 address space and the growth of the Internet, public addresses are becoming more scarce.
One solution to this problem is to use private addresses on small LANs and to use Address Translation when accessing devices on the public network. Address Translation changes a private address to a public address at the gateway of a public network.
There are two types of address translation: Network Address Translation (NAT) and Port Address Translation (PAT).
With NAT, a pool of public addresses is configured and dynamically mapped to a private workstation address when accesses are made through the gateway to a public network. The public-to-private address mapping remains active until the privately-addressed workstation stops accessing the public network. The public address is then returned to the available pool of addresses.
When NAT is configured, static mappings and/or dynamic pools of addresses must be configured. Static assignments permanently map a private address to a public address.
Dynamic pools consist of a start IP address, the number of addresses in the pool, and a mask to be used for RIP messages if the public addresses are to be advertised. Multiple pool and static assignments may exist within a pool range.
Your remote site administrator or ISP provides a pool of addresses for your local LAN.
If there are enough addresses for each machine and your OfficeConnect Remote 840, you do not need to use NAT. Simply assign each machine an address from the pool. If the number of machines is greater than the number of available addresses, use NAT. As with PAT, you make up a private IP network for the LAN and assign an IP address from that network to each workstation and the OfficeConnect Remote 840 (LAN IP address). RIP (if enabled) must be set to "listen only" so the OfficeConnect Remote 840 will learn routing information from the WAN but will not broadcast the private network information. Doing this provides a firewall and hides the private local network from the outside world.
Figure C-1 NAT Example
When a local PC sends a packet destined for the WAN, the OfficeConnect Remote 840 puts the private source IP address and an IP address from the pool into an address translation table. A change is made in the data packet: the private source IP address is replaced by the IP address from the pool and sent to the WAN. When the reply returns, it contains the IP address from the pool. This address is used to search the address translation table for the original private IP address. The private IP address is put into a reply packet and sent to the Ethernet.
When all the pool addresses are in use, any new requests are rejected and the workstation on the LAN has to wait until one of the pool addresses is free for use. To ensure that addresses are not held indefinitely, a timer is associated with each table entry. An entry is freed after 5 minutes of inactivity or if the session between the workstation and the remote site is ended.
This method requires that traffic be initiated from the LAN. Packets from the WAN are rejected unless they have an IP address that is in the pool and is currently in the address translation table.
Static NAT operates like Dynamic NAT except you may add entries to the address translation table and indicate specific IP addresses from the pool to map to specific private LAN IP addresses. This allows controlled access by the outside world.
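The table behavior described above (pool allocation, rejection when the pool is exhausted, the 5-minute idle timer, and rejection of WAN packets with no table entry) can be modeled in a few lines. This is an added example, not code from the OfficeConnect Remote 840; the class and method names are hypothetical, the 192.0.2.x pool addresses are constructed, and treating a reply as activity that resets the timer is an assumption.

```python
# Added illustration of the dynamic/static NAT table; names are hypothetical.
IDLE_TIMEOUT = 5 * 60  # seconds; the page states entries are freed after 5 minutes idle


class NatTable:
    def __init__(self, pool, static=None):
        self.static = dict(static or {})   # private IP -> public IP, permanent
        self.free = [a for a in pool if a not in self.static.values()]
        self.dynamic = {}                  # private IP -> (public IP, last activity)

    def _expire(self, now):
        # Return idle dynamic entries' addresses to the pool.
        for priv, (pub, last) in list(self.dynamic.items()):
            if now - last >= IDLE_TIMEOUT:
                del self.dynamic[priv]
                self.free.append(pub)

    def outbound(self, private_ip, now):
        """Public source address for a LAN packet, or None if the pool is exhausted."""
        self._expire(now)
        if private_ip in self.static:
            return self.static[private_ip]
        if private_ip in self.dynamic:
            pub = self.dynamic[private_ip][0]
        elif self.free:
            pub = self.free.pop(0)
        else:
            return None                    # new request rejected: no free address
        self.dynamic[private_ip] = (pub, now)
        return pub

    def inbound(self, public_ip, now):
        """Private destination for a WAN packet, or None if it is rejected."""
        self._expire(now)
        for priv, pub in self.static.items():
            if pub == public_ip:
                return priv                # static entry: reachable at any time
        for priv, (pub, _) in self.dynamic.items():
            if pub == public_ip:
                self.dynamic[priv] = (pub, now)  # assumption: a reply counts as activity
                return priv
        return None


def demo():
    """Three constructed workstations share two pool addresses."""
    nat = NatTable(["192.0.2.10", "192.0.2.11"])
    steps = [("192.168.1.2", 0), ("192.168.1.3", 10), ("192.168.1.4", 20), ("192.168.1.4", 310)]
    return [nat.outbound(ip, t) for ip, t in steps]
```

A static entry is the only case in which inbound() returns a private address without a prior outbound() call, which is why each static mapping should be reviewed as a deliberately published host.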
PAT is used when several privately addressed workstations share a single public address. PAT uses the TCP and UDP port numbers to map multiple private addresses to the single public address. For normal applications such as web browsing and FTP transfers, PAT can be configured by just enabling the feature. When accesses are originated from the private addressed LAN, a mapping is established between the source port number and the source private address. When the response is received on the public addressed WAN port, the destination port is mapped back to the private address.
Static PAT port mappings or the PAT default address need to be configured when an application will initiate a TCP or UDP connection from the public network. If a publicly accessible server resides on a privately addressed LAN, static ports can be defined for the applications they are running.
For example, TCP port 80 for a Web server and TCP port 21 for an FTP server can be statically assigned. The PAT default address can be used with, or instead of, static port assignments, and is set to the private address of a workstation on the local LAN.
If an incoming IP data packet is received on a WAN port and there is no existing dynamic or static port mapping, the packet will be translated using the PAT default address.
Your remote site administrator or ISP provides one address for the OfficeConnect Remote 840's Local WAN IP address (in the example above, 10.0.0.1). You make up a private IP network for the LAN and assign an IP address from that network to each workstation and to the OfficeConnect Remote 840 (LAN IP address).
RIP (if enabled) must be set to "listen only" so the OfficeConnect Remote 840 will learn routing information from the WAN but will not broadcast the private network information.
Doing this provides a firewall and hides the private local network from the outside world.
Figure C-2 PAT Example
When a local PC sends a packet destined for the WAN, the OfficeConnect Remote 840 puts its source IP address and a port number into an address translation table. The port number is also placed into the data packet.
An additional change is made to the packet: the original (private) source IP is replaced by the OfficeConnect Remote 840 WAN IP address. Then the packet is sent to the WAN.
The reply will contain the OfficeConnect Remote 840 WAN IP address and port number. The port number is used to search the address translation table for the original private IP address.
The original IP address is then put in a reply and sent to the Ethernet.
This method requires that traffic be initiated from the LAN. Packets from the WAN are rejected unless they currently have a port number in the table.
Static PAT operates like Dynamic PAT except you may add entries to the address translation table and specify which port numbers to map to which private IP addresses. This allows controlled access by the outside world. You would select the port numbers based on the type of access needed. For example, if you had a local Web server, you would select the IP address of your server and the port number 80, which is the UDP and TCP port number used to indicate HTML traffic.
Default PAT operates like Dynamic PAT except you may specify a default private IP address for all traffic whose port numbers are not in the address translation table. However, this may remove the firewall. With a default IP address, all traffic initiated on the WAN and not sent to other private IP addresses will go to this IP address. In Dynamic and Static PAT, traffic from the LAN, not the WAN, determines the use of the address translation table.
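The difference between Dynamic, Static and Default PAT shows up in how a packet arriving on the WAN is resolved. The following added example (not code from the OfficeConnect Remote 840) models that lookup and lists which ports an unsolicited WAN packet can reach; the class and function names, the private addresses, the sequential port allocation starting at 50000, and checking dynamic entries before static ones are assumptions.

```python
# Added illustration of the PAT inbound lookup; names are hypothetical.
WAN_IP = "10.0.0.1"  # the WAN address used in the page's example


class PatTable:
    def __init__(self, static=None, default_host=None, first_port=50000):
        self.static = dict(static or {})  # (proto, public port) -> (private IP, port)
        self.default_host = default_host  # PAT default address, or None
        self.dynamic = {}                 # (proto, public port) -> (private IP, port)
        self.by_source = {}               # (proto, private IP, port) -> public port
        self.next_port = first_port       # assumption: sequential port allocation

    def outbound(self, proto, src_ip, src_port):
        """Rewrite the source of a LAN packet; returns (WAN IP, public port)."""
        key = (proto, src_ip, src_port)
        if key not in self.by_source:
            self.by_source[key] = self.next_port
            self.dynamic[(proto, self.next_port)] = (src_ip, src_port)
            self.next_port += 1
        return WAN_IP, self.by_source[key]

    def inbound(self, proto, dst_port):
        """Return (rule, private destination) for a packet arriving on the WAN."""
        key = (proto, dst_port)
        if key in self.dynamic:
            return "dynamic", self.dynamic[key]  # reply to a LAN-initiated flow
        if key in self.static:
            return "static", self.static[key]    # deliberately published service
        if self.default_host is not None:
            return "default", (self.default_host, dst_port)  # everything else
        return "rejected", None


def exposed_ports(table, proto, ports):
    """Ports on which an unsolicited WAN packet is forwarded to the LAN."""
    return [p for p in ports if table.inbound(proto, p)[0] in ("static", "default")]


if __name__ == "__main__":
    web = {("tcp", 80): ("192.168.1.10", 80)}  # constructed static mapping
    probe = [21, 23, 80, 3389]                 # constructed list of ports to check
    print(exposed_ports(PatTable(static=web), "tcp", probe))
    print(exposed_ports(PatTable(static=web, default_host="192.168.1.30"), "tcp", probe))
```

With only the static mapping, port 80 alone is reachable from the WAN; once a default address is set, every probed port is forwarded, so the default host needs its own host-level filtering.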