Many networks employ NAT boundaries in their network architecture. A NAT gateway establishes the NAT boundary to mask client devices connected to the NAT gateway from the public network. The NAT gateway creates a NAT mapping of all client devices actively communicating through the NAT gateway and routes packets of data accordingly. Consequently, a private network is created that connects to the public network through the NAT gateway, the one device with sufficient information to route data to each client device on the private network.
It is often the case that a client device residing on a network behind a NAT gateway needs to communicate with a server beyond the NAT gateway. The client and server negotiate a transmission control protocol (TCP) connection through the NAT gateway. The gateway maps the network address or Internet protocol (IP) address of the client and then manipulates outgoing packets, masquerading as the source. Upon receipt of the packets, the server on the other end of the TCP connection responds with its own packets, setting the gateway as the destination. The gateway recognizes the response packets as destined for the client, manipulates them and then routes them to the client according to the NAT mapping. This is the basic process by which a client and server communicate through a NAT gateway for as long as is necessary.
A general principal of TCP connections through a NAT gateway is that they eventually close. Whatever the purpose of the connection, at some point, either the client or server will stop sending packets, or the client and server will negotiate a termination of the connection. A corollary principal of NAT gateway design is the NAT mapping maintained by the NAT gateway expire as a matter of resource conservation. As long as communication is active over the TCP connection, the NAT mapping is maintained, and no expiration is necessary. When communication slows or halts altogether, the NAT mapping times out and needs to be reestablished if further communication is to be undertaken.