R0106-HP MSR Router Series Layer 3 - IP Services Configuration Guide(V7)
The NAT444 gateway provides port block-based PAT translation. It maps multiple private IP addresses to
one public IP address with different port blocks. Each private IP address uses a port block exclusively.
For example, private IP address 10.1.1.1 is mapped to public IP address 202.1.1.1 and port block 10001
to 10256. When the internal user initiates sessions to the public network, the source IP address 10.1.1.1
is translated to 202.1.1.1, and the source ports are translated to ports in the port block 10001 to 10256.
Port blocks and private IP addresses are mapped in static or dynamic mode.
Static NAT444
The NAT444 gateway computes a static NAT444 mapping from a private IP address to a public IP
address and a port block before address translation occurs. When the private IP address accesses the
public network, the NAT444 gateway uses this entry for translation.
For the NAT444 gateway to create static NAT444 mappings, you must provide private IP addresses,
public IP addresses, a port range, and a port block size. The gateway computes static NAT444
mappings as follows:
1. Divides the port range by the port block size to get the number of available port blocks for each
public IP address. This value is the base number for mapping.
2. Sorts the port blocks in ascending order of the start port number in each block.
3. Sorts the private IP addresses and the public IP addresses separately in ascending order.
4. Maps the first group of private IP addresses, as many as the base number, to the first public IP
address and its port blocks in ascending order.
For example, suppose the number of available port blocks for each public IP address is m. The first m
private IP addresses are mapped to the first public IP address and its m port blocks in ascending order.
The next m private IP addresses are mapped to the second public IP address and its m port blocks in
ascending order. The remaining static IP-to-port-block mappings are created in the same way.
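The four steps above, as an added example in Python (not code from this guide or from the router software). The function names, the handling of leftover ports and of running out of blocks, and the sample port range 10001 to 10512 are assumptions. The example also goes one step beyond the text with a reverse lookup from a public address and port back to the private address, which is computable because the static mapping is deterministic.

```python
import ipaddress

def static_nat444_map(private_ips, public_ips, port_start, port_end, block_size):
    """Return {private_ip: (public_ip, first_port, last_port)} per steps 1-4."""
    # Step 1: blocks per public address (the "base number" m).
    # Assumption: ports left over after whole blocks are unused.
    m = (port_end - port_start + 1) // block_size
    if m < 1:
        raise ValueError("port range is smaller than one port block")
    # Step 2: port blocks in ascending order of start port.
    blocks = [(port_start + i * block_size, port_start + (i + 1) * block_size - 1)
              for i in range(m)]
    # Step 3: sort both address lists numerically, not as strings.
    priv = sorted(private_ips, key=ipaddress.IPv4Address)
    pub = sorted(public_ips, key=ipaddress.IPv4Address)
    # Assumption: running out of blocks is an error; the page does not say
    # what the gateway does in that case.
    if len(priv) > m * len(pub):
        raise ValueError("not enough port blocks for all private addresses")
    # Step 4: the i-th private address gets public address i // m, block i % m.
    return {ip: (pub[i // m], *blocks[i % m]) for i, ip in enumerate(priv)}

def resolve(mapping, public_ip, port):
    """Reverse lookup: which private address owns public_ip:port, or None."""
    for private_ip, (pub_ip, first, last) in mapping.items():
        if pub_ip == public_ip and first <= port <= last:
            return private_ip
    return None

# Constructed sample input (addresses follow the 10.1.1.1 / 202.1.1.1 example).
SAMPLE = static_nat444_map(
    ["10.1.1.4", "10.1.1.1", "10.1.1.3", "10.1.1.2"],
    ["202.1.1.2", "202.1.1.1"],
    port_start=10001, port_end=10512, block_size=256)

if __name__ == "__main__":
    for private_ip, (pub_ip, first, last) in SAMPLE.items():
        print(f"{private_ip} -> {pub_ip} ports {first}-{last}")
    print(resolve(SAMPLE, "202.1.1.2", 10300))
```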
Dynamic NAT444
A dynamic NAT444 mapping records the mapping from a private IP address to a public IP address and
a port block. It is created when a private IP address initiates a connection to the public network.
A NAT444 gateway with dynamic NAT444 mappings functions as follows:
1. The NAT444 gateway selects a public IP address and a port block in the NAT address group for
the private IP address.
2. For subsequent connections from the private IP address, the NAT444 gateway translates the
private IP address to the mapped public IP address, and the source ports to ports in the selected
port block.
3. When all the connections from the private IP address are disconnected, the NAT444 gateway
withdraws the port block mapped to the private IP address and deletes the dynamic NAT444
mapping.
The NAT444 gateway uses an ACL to implement translation control. Only packets matching an ACL permit
rule are processed by the NAT444 gateway.
Dynamic NAT444 mapping supports port block extending. When a private IP address accesses the
public network, and the ports in the selected port block are all occupied, the NAT444 gateway translates
the source port to a port from extended port blocks.