The NAT ALG function implements transparent translation for some application layer protocols.
Packets of many application layer protocols contain user information, including IP addresses and port numbers. NAT cannot identify the IP addresses and port numbers carried in these protocol packets, so the packets may fail to be forwarded. For special protocols such as FTP, the Data field of a packet contains IP address or port information. Because NAT does not take effect on the IP address or port information in the Data field, inconsistencies or errors occur.
The ALG function is a good way to solve this NAT issue for these special protocols. Functioning as a special conversion agent for application protocols, the ALG interacts with the NAT device to establish states. It uses NAT state information to change the specific data in the Data field of IP packets and to complete other necessary work, so that application protocols can run across internal and external networks.
NAT ALG supports various protocols, such as the Internet Control Message Protocol (ICMP), Session Initiation Protocol (SIP), Real-Time Streaming Protocol (RTSP), Point-to-Point Tunneling Protocol (PPTP), domain name service (DNS), and File Transfer Protocol (FTP).
NAT ALG does not support packets longer than 2048 bytes (NAT ALG SIP does not support packets longer than 8192 bytes), UDP-based RTSP, TCP-based SIP, TCP-based DNS, or TCP fragments.
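The Data-field rewrite described above, sketched for an FTP PORT command as an added example (not the device's own code). The `nat_map` table, the function name, and the sample addresses are assumptions, as is the choice to leave untouched any PORT argument that names a host other than the packet's source.

```python
import re

ALG_MAX_PAYLOAD = 2048  # page: NAT ALG does not support packets longer than 2048 bytes

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 as decimal octets
PORT_RE = re.compile(rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n")

# Constructed sample data: one NAT state entry and one control-channel payload.
NAT_MAP = {("192.168.1.10", 50000): ("203.0.113.5", 61000)}
SAMPLE = b"PORT 192,168,1,10,195,80\r\n"  # 195*256 + 80 = 50000


def rewrite_ftp_port(payload, src_ip, nat_map):
    """Return (new_payload, length_delta); (payload, 0) means left untouched.

    nat_map is a hypothetical stand-in for the NAT state table:
    {(private_ip, private_port): (public_ip, public_port)}.
    """
    if len(payload) > ALG_MAX_PAYLOAD:
        return payload, 0                      # over the ALG size limit
    m = PORT_RE.fullmatch(payload)
    if m is None:
        return payload, 0                      # not a PORT command
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return payload, 0                      # malformed octet
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    # Assumed hardening: translate only when the embedded address is the
    # sender's own, so a client cannot ask for a mapping to another host.
    if ip != src_ip:
        return payload, 0
    mapped = nat_map.get((ip, port))
    if mapped is None:
        return payload, 0                      # no NAT state for this endpoint
    pub_ip, pub_port = mapped
    arg = "%s,%d,%d" % (pub_ip.replace(".", ","), pub_port >> 8, pub_port & 0xFF)
    new_payload = b"PORT " + arg.encode("ascii") + b"\r\n"
    # A non-zero delta means later TCP sequence/ack numbers on this
    # connection must be offset by the same amount.
    return new_payload, len(new_payload) - len(payload)


if __name__ == "__main__":
    print(rewrite_ftp_port(SAMPLE, "192.168.1.10", NAT_MAP))
```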