3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
CHAPTER 6: NAT CONFIGURATION
converted and the host part is unchanged). When internal hosts access the outside
network, their internal addresses are converted to public network addresses if
they are in the specified range. Likewise, outside hosts can use a public network
address to access an internal host directly if the internal host address converted
from that public network address is in the specified range.
The static NAT function creates a direct mapping between internal host addresses
and public network addresses, and implements a function similar to NAT server.
However, static NAT requires a large IP address space because it holds a
one-to-one mapping between internal host addresses and public network
addresses. You can combine the static and dynamic NAT functions, as long as the
addresses do not conflict.
Bidirectional Network Address Translation
Traditional NAT converts only the source or the destination address of a packet,
but bidirectional NAT converts both. This function is used where internal host
addresses and public network addresses overlap. As shown in Figure 17, the
addresses of the internal host PC1 and of the host PC3 on the public network
overlap. If the internal host PC1 or PC2 then sends a packet to PC3, the packet
is not forwarded to PC3 but, by mistake, to PC1. Bidirectional NAT guarantees
correct packet forwarding: a mapping from an overlap address pool to a temporary
address pool is configured on 3ComA (where traditional NAT is also implemented)
to convert each overlap address to a unique temporary address.
Figure 17 Bidirectional NAT implementation
For example, to configure the bidirectional NAT function on 3ComA:
Step 1: Configure traditional NAT (many-to-many address conversion).
Configure a NAT address pool containing 200.0.0.1 to 200.0.0.100, and assign
it to the WAN interface.
Step 2: Configure the mapping between a group of overlap addresses and a group
of temporary addresses:
10.0.0.0 ←→ 3.0.0.0, with a 24-bit subnet mask.
One overlap address pool corresponds to one temporary address pool. The
conversion rule is as follows:
[Figure 17 labels: Intranet, Switch 8800A, PC1, PC2, PC3, DNS Server, www.web.com; addresses 10.0.0.1/24, 10.1.1.1/24, 10.0.0.1/24]
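The two translations configured in Step 1 and Step 2, modeled as an added Python example (not 3Com code or switch configuration). It assumes that the overlap/temporary mapping swaps the 24-bit network part and keeps the host part, that intranet hosts address PC3 by its temporary address, and that pool addresses are handed out in order; `remap` and `BidirectionalNat` are hypothetical names.

```python
import ipaddress

# Values from the steps above; everything else in this block is an assumption.
OVERLAP = ipaddress.ip_network("10.0.0.0/24")   # overlap address pool
TEMP = ipaddress.ip_network("3.0.0.0/24")       # temporary address pool
POOL_FIRST = ipaddress.ip_address("200.0.0.1")  # NAT address pool start
POOL_SIZE = 100                                 # 200.0.0.1 to 200.0.0.100


def remap(addr, src_net, dst_net):
    """Swap the network part, keep the host part (assumed conversion rule)."""
    ip = ipaddress.ip_address(addr)
    if ip not in src_net:
        return str(ip)  # outside the mapped pool: left untouched
    offset = int(ip) - int(src_net.network_address)
    return str(dst_net.network_address + offset)


class BidirectionalNat:
    """Toy model of 3ComA: traditional source NAT plus overlap/temp mapping."""

    def __init__(self):
        self.inside_to_public = {}
        self.public_to_inside = {}

    def _allocate(self, inside):
        if inside not in self.inside_to_public:
            if len(self.inside_to_public) >= POOL_SIZE:
                raise RuntimeError("NAT address pool exhausted")
            public = str(POOL_FIRST + len(self.inside_to_public))
            self.inside_to_public[inside] = public
            self.public_to_inside[public] = inside
        return self.inside_to_public[inside]

    def outbound(self, src, dst):
        """Intranet -> public: source to pool address, temp dst to overlap."""
        return self._allocate(src), remap(dst, TEMP, OVERLAP)

    def inbound(self, src, dst):
        """Public -> intranet: overlap src to temp, pool dst to inside host."""
        if dst not in self.public_to_inside:
            raise LookupError("no NAT session for " + dst)
        return remap(src, OVERLAP, TEMP), self.public_to_inside[dst]


if __name__ == "__main__":
    nat = BidirectionalNat()
    # PC1 (10.0.0.1) reaches PC3 through its temporary address 3.0.0.1.
    print(nat.outbound("10.0.0.1", "3.0.0.1"))   # as sent on the WAN interface
    print(nat.inbound("10.0.0.1", "200.0.0.1"))  # PC3's reply, as PC1 sees it
```

Because the source and destination are rewritten in both directions, an intranet host never sees the overlapping 10.0.0.x address as a remote peer, so an inbound packet whose destination has no pool session is rejected rather than delivered to the local PC1.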