3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
6 NAT CONFIGURATION
NAT Overview
Introduction to NAT
As described in RFC1631, Network Address Translation (NAT) translates the IP
address in an IP packet header into another IP address. In practice, it is mainly
used to let a private network access an external network. NAT slows the
depletion of the IP address space by using several public IP addresses to
represent multiple private IP addresses.
A private address is the address of a network or host on the intranet, whereas
a public address is a globally unique IP address on the Internet.
The IP addresses that RFC1918 reserves for private use are:
Class A: 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
Class B: 172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
Class C: 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)
IP addresses in these three ranges are not assigned on the Internet, so a
company or enterprise can use them on its intranet without applying to an ISP
or registration center.
A basic NAT application is shown in the following figure.
Figure 15 Network diagram for basic processes of address translation
A NAT server, such as the security gateway, is located at the junction between
the private network and the public network. When the internal PC at 192.168.1.3
sends data packet 1 to the external server at 202.120.10.2, the packet traverses
the NAT server. The NAT server checks the contents of the packet header. If the
[Figure 15 content: an internal PC (192.168.1.3) and an internal server
(192.168.1.2) connect through the NAT server (private side 192.168.1.1, public
side 202.169.10.1) to the Internet, where an external server (202.120.10.2) and
an external PC (202.120.10.3) reside.
Data packet 1, private side: Source 192.168.1.3, Destination 202.120.10.2
Data packet 1, public side: Source 202.169.10.1, Destination 202.120.10.2
Data packet 2, public side: Source 202.120.10.2, Destination 202.169.10.1
Data packet 2, private side: Source 202.120.10.2, Destination 192.168.1.3]
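The address rewriting shown in Figure 15, as an added example that is not taken from the 3Com guide: a minimal model of one-to-one address translation using the figure's addresses. The names Packet, BasicNat and is_private are hypothetical, and the behavior for an exhausted pool or an unmapped destination (returning None, meaning the packet is not forwarded) is an assumption of this model.

```python
import ipaddress
from dataclasses import dataclass, replace

# The three RFC1918 ranges listed in this section.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

class BasicNat:
    """Hypothetical model: each private host borrows one public address."""
    def __init__(self, public_pool):
        self.free = list(public_pool)  # public addresses not yet in use
        self.out_map = {}              # private address -> public address
        self.in_map = {}               # public address -> private address

    def outbound(self, pkt):
        """Private -> public direction: rewrite the source address."""
        if not is_private(pkt.src):
            return pkt                 # source is already public
        if pkt.src not in self.out_map:
            if not self.free:
                return None            # pool exhausted (assumed: not forwarded)
            pub = self.free.pop(0)
            self.out_map[pkt.src] = pub
            self.in_map[pub] = pkt.src
        return replace(pkt, src=self.out_map[pkt.src])

    def inbound(self, pkt):
        """Public -> private direction: rewrite the destination address."""
        private = self.in_map.get(pkt.dst)
        if private is None:
            return None                # no mapping (assumed: not forwarded)
        return replace(pkt, dst=private)

def demo():
    nat = BasicNat(["202.169.10.1"])   # public address from Figure 15
    p1 = nat.outbound(Packet("192.168.1.3", "202.120.10.2"))  # data packet 1
    p2 = nat.inbound(Packet("202.120.10.2", "202.169.10.1"))  # data packet 2
    return p1, p2

if __name__ == "__main__":
    print(demo())
```

In this model the inbound lookup keys only on the destination address, so once a mapping exists, a packet from any external source to 202.169.10.1 is rewritten to 192.168.1.3; restricting which peers may reach the host is a separate filtering control.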