MSM7xx Controllers Configuration Guide v6.4.0

Generally NAT is used to map all addresses on an internal network to a single address for use on
an external network like the Internet. The main benefits are that NAT:
• Enables several devices to share a single connection
• Effectively hides the IP addresses of all devices on the internal network from the external
network.
This is illustrated as follows:
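[Figure: An internal computer at 192.168.1.2 sends an HTTP request through the AP and the controller (NAT) and the ISP to a Web server on the Internet. The returned Web page is addressed to 202.125.11.26 on the external side and to 192.168.1.2 on the internal side; a second internal address, 192.168.1.3, is also shown. Internal addresses are invisible to computers on the Internet. All traffic uses the same external IP address assigned by the ISP (202.125.11.26).]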
NAT can be useful in conjunction with virtual private network (VPN) connections. When two
networks are connected through a VPN tunnel, it may be desirable to obscure the address of local
computers for security reasons.
NAT security and static mappings
One of the benefits of NAT is that it effectively hides the IP addresses of all devices on the internal
network from an external network. In some cases, however, it is useful to make a computer on the internal
network accessible externally, for example a Web server or FTP server.
Static NAT mapping addresses this problem. Static NAT mapping enables you to route specific
incoming traffic to an IP address on the internal network. For example, to support a Web server,
you can define a static NAT mapping to route traffic on TCP port 80 to an internal computer running
a Web server.
A static NAT mapping allows only one internal IP address to act as the destination for a particular
protocol (unless you map the protocol to a nonstandard port). For example, you can run only one
Web server on the internal network.
NOTE:
• If you use a NAT static mapping to enable a secure (HTTPS) Web server on the internal network
on TCP port 443, remote access to the management tool is no longer possible, as all incoming
HTTPS requests are routed to the internal Web server and not to the management tool. You
can change the default management port (TCP 443) to an alternate unused TCP port in this
case.
• If you create a static mapping, the firewall is automatically opened to accept the traffic.
However, this firewall rule is not visible on the Firewall configuration page (it is maintained
internally by the controller).
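
Because the firewall openings created by static mappings do not appear on the Firewall configuration page, it helps to review the mapping list itself. The following is an added example, not part of the original guide and not HP code: a small audit that flags the two problems described above and lists the implicit firewall openings. The Mapping record, the audit function and the sample entries are hypothetical and do not reflect the controller's own configuration format.

```python
from collections import defaultdict
from typing import NamedTuple

MGMT_PORT = 443  # default management tool port stated in the guide


class Mapping(NamedTuple):  # hypothetical record, not the controller's export format
    proto: str      # "tcp" or "udp"
    ext_port: int   # port on the controller's external address
    int_ip: str     # internal destination address
    int_port: int   # internal destination port


def audit(mappings, mgmt_port=MGMT_PORT):
    """Return (findings, implicit_rules) for a list of static NAT mappings."""
    findings, implicit_rules = [], []
    by_key = defaultdict(list)
    for m in mappings:
        by_key[(m.proto.lower(), m.ext_port)].append(m)
    for (proto, port), group in sorted(by_key.items()):
        targets = sorted({(m.int_ip, m.int_port) for m in group})
        # Every mapping opens the firewall, yet the rule is not shown on the Firewall page.
        dests = ", ".join(f"{ip}:{p}" for ip, p in targets)
        implicit_rules.append(f"allow {proto}/{port} -> {dests}")
        if len(targets) > 1:
            # Only one internal address can be the destination for a protocol/port.
            findings.append(f"CONFLICT {proto}/{port}: {len(targets)} internal destinations")
        if proto == "tcp" and port == mgmt_port:
            # Incoming requests on this port go to the internal server, not the management tool.
            findings.append(f"SHADOW tcp/{port}: remote management unreachable, move the management port")
    return findings, implicit_rules


# Constructed sample input
SAMPLE = [
    Mapping("tcp", 80, "192.168.1.2", 80),
    Mapping("tcp", 80, "192.168.1.3", 80),    # second Web server on the same port
    Mapping("tcp", 8080, "192.168.1.3", 80),  # nonstandard external port avoids the conflict
    Mapping("tcp", 443, "192.168.1.2", 443),  # collides with the management tool
]

if __name__ == "__main__":
    findings, rules = audit(SAMPLE)
    for line in findings + rules:
        print(line)
```

Pass the alternate management port as mgmt_port once it has been changed, so the check follows the port actually in use.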