policy based NAT setting notes

NAT Off =
        Route Mode
NAT On, Dip OFF =
        This is the PAT we've always done in NAT Mode
NAT On, Dip OFF, Fix Port =
        Translates internal IP's to the IP of the interface, but doesn't translate the port.
        If a duplicate port is used by a source, they are not allowed to be translated
        because the port is already used for a mapping.
NAT On, Dip On,
        DIP: Fix Port On (It's like allocating a number of MIP's to use)
        A dip is an Address Range (Let's not call it a pool for that is used for l2tp)
        If you have an address range contain 5 DIP's.
        Only 5 Hosts can be translated. Any new request is dropped. Ports are not
        Translated for any address in the range. (This is classic NAT pools)
NAT On, Dip On,
        DIP: Fix Port Off
        If you have an address range containg 5 DIP's, the NetScreen will use
        round robin to select a DIP for each address that needs to be translated:
        PAT is used for each Address in the range.
        
        Some other advantages: Each policy can use its own dip with Fix Port off
        So if you set up your policies by departments: sales gets their own pat address,
        marketing gets their own pat address, tech support etc.. Now down stream if         there is a problem you at least know what department the ip came from.

挺好的,有这么好的东东也不错.谢谢了偶也应该学习的..

现在只要求能看得明白就好.很多贴子像是在看天书