Linksys SPA942 Telephone User Manual


 
Linksys SPA9x2 Phone Administration Guide Cisco Confidential--First Draft11
Network Address Translation and SPA9x2 Phones
Introducing Linksys SPA9x2 Phones
If security is not a concern, you can disable stateful packet inspection (SPI) on your firewall (if
you have it). SPI allows a firewall to be aware of a packet’s state; only recently-sent requests are
allowed into the network.
Network Address Translation and SPA9x2 Phones
In a typical application of network address translation (NAT), all devices in a subscriber network
access the Internet through a router with a single public IP address. The IP address is assigned
by a service provider. The IP header of the packets sent from the private network to the public
network is substituted by NAT with the public IP address and a port assigned by the router. The
receiver of the packets on the public network sees the packets as coming from the external
address instead of the private address of the device.
You can implement NAT in three ways:
Full cone NAT (one-to-one NAT)— All requests from the same internal IP address and port
are mapped to the same external IP address and port. An external host can send a packet to
the internal host by sending a packet to the mapped external address
Restricted cone NAT—All requests from the same internal IP address and port are mapped
to the same external IP address and port. Unlike a full cone NAT, an external host cannot
send a packet to the internal host unless the internal host previously sent a packet to it.
Port-restricted cone NAT (symmetric NAT)—Similar to restricted cone NAT, but the
restriction includes port numbers. An external host can send a packet to a particular port on
the internal host only if the internal host previously sent a user datagram protocol (UDP)
packet from that port to the external host. UDP is a connectionless messaging protocol for
delivery of data packets.
See the following topics:
”Routers and Service Provider Support of NAT” section on page 12
SIP Proxy
Internet
ITSP
IP Router (firewall)
Broadband modem
Switch
Internet (WAN) Interface
SPA9000
UserA
UserB
UserC
ISP