3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
Functions Provided by NAT 83
The security gateway implements many-to-many address translation through an
address pool and controls which traffic is translated through an ACL.
■ Address pool: a set of public IP addresses used for translation. Configure a
pool sized to the number of valid public addresses available, the number of
internal hosts, and the actual traffic conditions. During translation an address
is selected from the pool and used as the new source address.
■ ACL-based translation control: only packets matching the ACL rule are
translated, which limits the scope of address translation and allows only
specific hosts to access the Internet.
NAPT
Another way to provide concurrent Internet access is Network Address Port
Translation (NAPT), which maps multiple internal addresses to a single public
address. It is therefore informally called "many-to-one address translation" or
address multiplexing.
NAPT translates both the IP address and the port number of packets from
different internal addresses, mapping them to one public address with distinct
port numbers. In this way different internal addresses share a single public
address.
The fundamentals of NAPT are shown in the following figure.
Figure 16 NAPT allowing multiple internal hosts to share a public address
As shown in the above figure, four packets from internal addresses arrive at
the NAT server. Packet 1 and packet 2 come from the same internal address with
different source ports; packet 3 and packet 4 come from different internal
addresses with an identical source port. After the NAT mapping, all four
packets carry the same public source address but different source ports, so
they remain distinguishable. For the response packets, the NAT server likewise
distinguishes them by destination address and port number and forwards each
response to the corresponding internal host.
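The following Python model is an added example, not code from the 3Com guide and not the switch's own implementation. It ties together the mechanisms described above: an ACL that gates which packets are translated, a pool of public addresses, and NAPT port multiplexing so that the four packets of Figure 16 share one public address yet remain distinguishable, with the reverse lookup that returns responses to the right internal host. The internal addresses, the public address 202.169.10.1 and the source ports follow the figure; the destination hosts and ports, the ACL rule, the port-allocation policy and the session-matching check on inbound packets are assumptions made for the example.

```python
"""Toy NAPT gateway: ACL gate + address pool + port multiplexing.

Added example (not 3Com code).  Addresses follow Figure 16; ACL rule,
destination ports and port-allocation policy are assumptions.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NaptGateway:
    def __init__(self, pool, acl_permit, port_range=(1024, 65535)):
        self.pool = [ipaddress.ip_address(a) for a in pool]
        self.acl = [ipaddress.ip_network(n) for n in acl_permit]
        self.port_lo, self.port_hi = port_range
        # (proto, public_ip, public_port) -> (priv_ip, priv_port, peer_ip, peer_port)
        self.inbound = {}
        # (proto, priv_ip, priv_port, peer_ip, peer_port) -> (public_ip, public_port)
        self.outbound = {}

    def permitted(self, src_ip):
        """ACL-based control: only sources matching a permit rule are translated."""
        ip = ipaddress.ip_address(src_ip)
        return any(ip in net for net in self.acl)

    def _pick_public(self, src_ip):
        # Deterministic pool selection for the example (assumption); a real
        # gateway may round-robin or hash differently.
        return self.pool[int(ipaddress.ip_address(src_ip)) % len(self.pool)]

    def _alloc_port(self, proto, pub_ip, wanted):
        # Keep the original source port when it is free on this public address
        # (packets 1-3 in the figure); otherwise take the lowest free port
        # (packet 4; the figure shows 2222, the exact value is policy).
        if self.port_lo <= wanted <= self.port_hi and (proto, pub_ip, wanted) not in self.inbound:
            return wanted
        for p in range(self.port_lo, self.port_hi + 1):
            if (proto, pub_ip, p) not in self.inbound:
                return p
        raise RuntimeError("port exhaustion on %s" % pub_ip)

    def translate_outbound(self, flow):
        """Return the translated (public_ip, public_port), or None if the ACL denies."""
        if not self.permitted(flow.src_ip):
            return None
        key = (flow.proto, flow.src_ip, flow.src_port, flow.dst_ip, flow.dst_port)
        if key in self.outbound:
            return self.outbound[key]
        pub_ip = self._pick_public(flow.src_ip)
        pub_port = self._alloc_port(flow.proto, pub_ip, flow.src_port)
        self.outbound[key] = (str(pub_ip), pub_port)
        self.inbound[(flow.proto, pub_ip, pub_port)] = (
            flow.src_ip, flow.src_port, flow.dst_ip, flow.dst_port)
        return (str(pub_ip), pub_port)

    def translate_inbound(self, proto, dst_ip, dst_port, src_ip, src_port):
        """Map a response to (priv_ip, priv_port); None means drop (no session)."""
        entry = self.inbound.get((proto, ipaddress.ip_address(dst_ip), dst_port))
        if entry is None:
            return None
        priv_ip, priv_port, peer_ip, peer_port = entry
        # Only the peer the session was opened to may answer on this mapping;
        # unsolicited packets to a mapped port are not forwarded inside.
        if (peer_ip, peer_port) != (src_ip, src_port):
            return None
        return (priv_ip, priv_port)


def figure16_demo():
    """Replay the four packets of Figure 16 (constructed destinations/ports)."""
    gw = NaptGateway(pool=["202.169.10.1"], acl_permit=["192.168.1.0/24"])
    flows = [
        Flow("192.168.1.3", 1537, "202.120.10.2", 80),  # packet 1
        Flow("192.168.1.3", 2468, "202.120.10.3", 80),  # packet 2
        Flow("192.168.1.1", 1111, "202.120.10.2", 80),  # packet 3
        Flow("192.168.1.2", 1111, "202.120.10.2", 80),  # packet 4, port clash
    ]
    out = [gw.translate_outbound(f) for f in flows]
    # Response from the real peer of packet 4 reaches 192.168.1.2:1111 ...
    back = gw.translate_inbound("tcp", out[3][0], out[3][1], "202.120.10.2", 80)
    # ... but a stray packet from another host to the same public port is dropped.
    stray = gw.translate_inbound("tcp", out[3][0], out[3][1], "202.120.10.3", 80)
    return gw, out, back, stray


if __name__ == "__main__":
    _, out, back, stray = figure16_demo()
    for i, t in enumerate(out, 1):
        print("packet %d -> %s:%d" % (i, t[0], t[1]))
    print("response to packet 4 ->", back, "| stray ->", stray)
```

The point a practitioner should take from the model is the last check in `translate_inbound`: the mapping alone tells the gateway which internal host a port belongs to, but without also matching the external peer of the session, any Internet host that guesses a mapped port could push traffic through to the internal network.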
Static Network Address Translation
This new static NAT approach converts the internal host addresses in a specified
range to the specified public network addresses (only the network part is
[Figure 16 labels recovered from the figure: internal hosts 192.168.1.1, 192.168.1.2 and 192.168.1.3 (PCs and a server) behind a NAT gateway whose public address is 202.169.10.1; Internet hosts 202.120.10.2 and 202.120.10.3. Packet 1: 192.168.1.3:1537 -> 202.169.10.1:1537. Packet 2: 192.168.1.3:2468 -> 202.169.10.1:2468. Packet 3: 192.168.1.1:1111 -> 202.169.10.1:1111. Packet 4: 192.168.1.2:1111 -> 202.169.10.1:2222.]