Use of Network Address Translation (NAT) or Proxy Servers
In order to provide maximum IP number utilization, either an address translator or a proxy server must be present on the customer network. NAT is available in Cisco routers with the appropriate IOS. If Proxy serving is desired, several popular commercial packages are available, such as Microsoft Proxy (for Windows NT) or Netscape Proxy Server (for Unix or NT). Microsoft has included Proxy in a number of server packages, such as Small Business Server, so you may already have a license to run it on your server. Compatible Computers has had much experience with Microsoft Proxy and will be happy to help set up and configure one for your network. Several Unix Open Source proxy servers are also available, such as Squid.
In addition to the IP address reclamation feature, Proxy servers also provide excellent firewalling protection. Their downside is that Proxy clients must be installed on all systems in the network, which can represent much effort on a large net. Proxy servers also introduce considerable latency and require an additional PC Server box to run on. Despite the popular perception that Proxy servers save bandwidth through web page caching, the duplication of page hits is low, so the bandwidth savings won't be significant unless the network is very large. Proxy servers were one of the first means of IP address reclamation.
Internet Partners configures the router at sites that use Proxy as a standard IP routing device with no additional features enabled on the router. Proxying is also a solution when the company router is old (such as a Cisco-on-a-Card as was sold in many Latticenet or Cabletron hubs) or is a non-Cisco device.
If the additional effort and expense of a proxy server or firewall are not justified, NAT (Network Address Translation) can be used instead. NAT provides a "many-to-one" IP number mapping that allows a very small subnet (such as only 6 IP numbers) to be assigned to the organization and "translated" into a very large subnet of Private IP numbers (as defined in RFC 1918). NAT also provides natural firewalling and does not require a Proxy client to be installed on any system in the network. In addition, ANY TCP/IP DEVICE that has an Ethernet adapter in it, from a DOS workstation to a Macintosh, can make use of the Internet connection through the NAT. Network Address Translation introduces negligible latency on the circuit and is rapidly becoming the preferred method of connection to the Internet. While NAT can be run on a separate PC, Internet Partners typically configures NAT on the organization's Cisco router that is used to connect to the Internet. This requires the Cisco router to be new enough to run the appropriate version of Cisco IOS. Some older Ciscos may require memory upgrades.
NAT also helps to protect hosts (computers) behind a NAT device from unsolicited connections. Hosts inside the NAT device can send packets out and establish connections. Once a connection is initiated from inside the private IP addressed network, data can flow freely until that connection is closed. Hosts outside the NAT device, however, are unable to initiate connections to hosts inside the private IP addressed network unless the NAT device specifically provides for it (for example, by mapping port 25 to an email server with a private IP address on the inside).
Cisco also makes a Firewall-enabled version of its IOS that can be run on the Cisco router and that includes Context Based Access Control (CBAC) filtering, which is superior to the standard IOS packet filtering. Regardless of whether Firewall or Standard IOS is selected, Internet Partners will, if requested, configure a basic or CBAC (if applicable) access-control packet-filtering list as part of the installation and configuration on any new Address-Translation-enabled router that we sell, at no added cost. (Customized CBAC or Access Lists incur an additional charge.) This is one of the additional benefits of using Internet Partners as your ISP.
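
The NAT behaviour described above (many inside hosts sharing one public address, outside hosts unable to start a connection unless a port such as 25 is explicitly mapped) can be modelled as a translation table. This is an added example, not code from Internet Partners or Cisco: the `Nat` class, the addresses (documentation ranges) and the port numbers are constructed, and matching return traffic on the remote address and port is a modelling assumption that real devices do not all share.

```python
"""Toy model of many-to-one NAT with port translation (constructed example)."""
import ipaddress
from itertools import count

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class Nat:
    def __init__(self, public_ip, first_port=20000):
        self.public_ip = public_ip
        self._ports = count(first_port)   # next free public source port
        self.flows = {}    # inside 4-tuple -> public port
        self.returns = {}  # (public port, remote ip, remote port) -> inside (ip, port)
        self.static = {}   # public port -> inside (ip, port), set by the administrator

    def forward(self, public_port, inside_ip, inside_port):
        """Explicit mapping, e.g. public port 25 to an inside mail server."""
        self.static[public_port] = (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host sends: rewrite the source and remember the flow."""
        if not any(ipaddress.ip_address(src_ip) in net for net in RFC1918):
            raise ValueError("inside source must be an RFC 1918 address")
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.flows:
            port = next(self._ports)
            self.flows[key] = port
            self.returns[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return self.public_ip, self.flows[key]

    def inbound(self, src_ip, src_port, dst_port):
        """Outside packet to the public address: inside target, or None (dropped)."""
        reply = self.returns.get((dst_port, src_ip, src_port))
        return reply or self.static.get(dst_port)

    def close(self, src_ip, src_port, dst_ip, dst_port):
        """Connection closed: forget the flow so return traffic stops matching."""
        port = self.flows.pop((src_ip, src_port, dst_ip, dst_port), None)
        self.returns.pop((port, dst_ip, dst_port), None)

if __name__ == "__main__":
    nat = Nat("203.0.113.2")                       # documentation address
    print(nat.outbound("192.168.1.20", 51000, "198.51.100.7", 80))
    print(nat.inbound("198.51.100.7", 80, 20000))  # reply: delivered inside
    print(nat.inbound("198.51.100.99", 4444, 25))  # unsolicited: None
    nat.forward(25, "192.168.1.10", 25)
    print(nat.inbound("198.51.100.99", 4444, 25))  # now reaches mail server
```

The static table is the only path by which an outside host reaches an inside one, so every entry in it is exposed service surface that the access list on the router still has to cover.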