Application #8 — Port Address Translation (PAT), Application Guide — EIPR Series – Contemporary Control Systems EIPR Wired/Wireless VPN Router Application Guide User Manual

Page 11

AG-EIPR0000-BC1

Application Guide — EIPR Series

Application #7 — Router Access from a WAN-side Device

In some situations you may want a WAN-side device to access and possibly configure the router. This is enabled via the Remote Router Access control (shown below) found under the Administration tab.

Caution: Enabling this control grants access to any device on the public or WAN side. To restrict access to just certain WAN devices, you must construct a whitelist such as the example below, which specifies an outside (public or WAN-side) device that has the IP address of 4.3.2.1.

Enhance Security with a Whitelist

Specify which WAN-side devices can configure the router.

Application #8 — Port Address Translation (PAT)

PAT (also known as a firewall) allows a many-to-one mapping of private IP addresses to one public address. Not only does this provide enhanced security for the devices on the LAN side, it also allows multiple LAN-side devices to communicate with devices on the WAN side using only one WAN IP address. When the WAN network is connected to the Internet, this allows the LAN devices to communicate on the Internet via one public IP address. Most ISPs will limit the number of public IP addresses provided to their customers. PAT works through port assignments, thus granting private IP addresses access to the Internet. In this example, the ISP provided the router the public address of 1.2.3.4. Both LAN-side PCs have automatically been assigned local IP ports and granted access to the Internet, and no configuration was needed.

Internal IP Address    LAN IP Port    External IP Address
192.168.92.101/24      5001           1.2.3.4
192.168.92.102/24      5002           1.2.3.4
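The following Python sketch is an added example, not code from the guide or the EIPR firmware. It models the PAT port table from Application #8 together with the Remote Router Access whitelist from Application #7, showing which WAN-side packets are forwarded, admitted to the admin interface, or dropped. The admin port 8443, the LAN source port 49152, the outside host 203.0.113.10 and the allocation of ports in order from 5001 are assumptions made for illustration.

```python
from ipaddress import ip_address

class PatRouter:
    """Simplified model of PAT plus WAN-side admin access (not EIPR firmware)."""
    def __init__(self, public_ip, first_port=5001, admin_port=8443,
                 remote_access=False, whitelist=()):
        self.public_ip = public_ip
        self.next_port = first_port      # the guide's table starts at port 5001
        self.admin_port = admin_port     # assumed value; the guide names no port
        self.remote_access = remote_access
        self.whitelist = {ip_address(a) for a in whitelist}
        self.out = {}                    # (lan_ip, lan_port) -> assigned port
        self.back = {}                   # assigned port -> (lan_ip, lan_port)

    def outbound(self, lan_ip, lan_port):
        """LAN host opens a flow: rewrite source to public_ip:assigned_port."""
        key = (lan_ip, lan_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.out[key]

    def inbound(self, src_ip, dst_port):
        """Decide what happens to a packet arriving on the WAN port."""
        if dst_port in self.back:        # reply to a flow a LAN host started
            return "forward", self.back[dst_port]
        if self.remote_access and dst_port == self.admin_port:
            # No whitelist means every WAN-side source reaches the admin UI.
            if not self.whitelist or ip_address(src_ip) in self.whitelist:
                return "admin", None
        return "drop", None              # no mapping: nothing reaches the LAN


def demo():
    # Constructed sample traffic using the addresses from the guide's examples.
    r = PatRouter("1.2.3.4", remote_access=True, whitelist=["4.3.2.1"])
    return {
        "pc1": r.outbound("192.168.92.101", 49152),
        "pc2": r.outbound("192.168.92.102", 49152),
        "reply": r.inbound("203.0.113.10", 5002),
        "unsolicited": r.inbound("203.0.113.10", 6000),
        "admin_ok": r.inbound("4.3.2.1", 8443),
        "admin_denied": r.inbound("203.0.113.10", 8443),
    }


if __name__ == "__main__":
    print(demo())
```

Constructing the model with `remote_access=True` and no whitelist admits any WAN-side source to the admin port, which is the exposure the Caution describes.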