3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide
Functions Provided by NAT 85
Temporary address = Start address of the temporary address pool + (overlap address - start address of the overlap address pool)
Overlap address = Start address of the overlap address pool + (temporary address - start address of the temporary address pool)
When PC2 accesses PC3 with the domain name, packets are processed as follows:
1 PC2 sends a DNS request for resolving www.web.com; the DNS server on the public network resolves the address; 3ComA receives the response packet from the DNS server. 3ComA checks the address 10.0.0.1 resolved from the response packet, and finds it is an overlap address, so it converts the overlap address to the 3.0.0.1 temporary address. 3ComA converts the destination address of the DNS response packet (traditional DNS processing) and sends the DNS response packet to PC2.
2 PC2 originates an access request with the temporary address 3.0.0.1, which corresponds to www.web.com. Upon receiving the packet, 3ComA first converts the source address of the packet (traditional DNS processing), and then converts the destination address (the temporary address) to the 10.0.0.1 overlap address.
3 3ComA sends the packet to its outgoing WAN interface, and the packet is forwarded over the WAN hop by hop to PC3.
4 When receiving the packet returned from PC3 to PC2, 3ComA checks the 10.0.0.1 source address, and finds it is an overlap address (listed in the overlap address pool), so it converts the overlap address to the 3.0.0.1 temporary address. 3ComA converts the destination address of the returned packet (traditional DNS processing) and sends the packet to PC2.
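The two pool formulas and the four-step exchange above, worked through in Python as an added example (this is not code from the 3Com manual or from the switch firmware). It assumes one /24 overlap pool starting at 10.0.0.0 and one /24 temporary pool starting at 3.0.0.0, so that the manual's 10.0.0.1 maps to 3.0.0.1; the pool boundaries and the function names are constructed for the example. The only security-relevant checks it adds are the two range tests: an address outside its pool is never translated, which is what keeps a non-overlap DNS answer (or a reply from a non-overlap source) from being rewritten by accident.

```python
import ipaddress

# Constructed address pools (assumption). The manual's example addresses put the
# overlap address 10.0.0.1 in the overlap pool and its temporary address 3.0.0.1
# in the temporary pool; a /24 for each is assumed here.
OVERLAP_POOL_START = ipaddress.IPv4Address("10.0.0.0")
TEMP_POOL_START = ipaddress.IPv4Address("3.0.0.0")
POOL_SIZE = 256  # both pools must be the same size so the two formulas invert each other


def _in_pool(addr: str, start: ipaddress.IPv4Address) -> bool:
    """True when addr lies inside the POOL_SIZE-address pool that begins at start."""
    offset = int(ipaddress.IPv4Address(addr)) - int(start)
    return 0 <= offset < POOL_SIZE


def overlap_to_temporary(addr: str) -> str:
    """Temporary = temp pool start + (overlap - overlap pool start)."""
    if not _in_pool(addr, OVERLAP_POOL_START):
        raise ValueError(f"{addr} is not in the overlap address pool")
    offset = int(ipaddress.IPv4Address(addr)) - int(OVERLAP_POOL_START)
    return str(TEMP_POOL_START + offset)


def temporary_to_overlap(addr: str) -> str:
    """Overlap = overlap pool start + (temporary - temp pool start)."""
    if not _in_pool(addr, TEMP_POOL_START):
        raise ValueError(f"{addr} is not in the temporary address pool")
    offset = int(ipaddress.IPv4Address(addr)) - int(TEMP_POOL_START)
    return str(OVERLAP_POOL_START + offset)


def rewrite_dns_answer(answer_ip: str) -> str:
    """Step 1: the address in the DNS response. Overlap answers are replaced by a
    temporary address; any other answer is passed through untouched."""
    if _in_pool(answer_ip, OVERLAP_POOL_START):
        return overlap_to_temporary(answer_ip)
    return answer_ip


def rewrite_outbound_dst(dst_ip: str) -> str:
    """Step 2: PC2 addresses its request to the temporary address; restore the
    overlap address before the packet leaves on the WAN interface (step 3)."""
    if _in_pool(dst_ip, TEMP_POOL_START):
        return temporary_to_overlap(dst_ip)
    return dst_ip


def rewrite_return_src(src_ip: str) -> str:
    """Step 4: the reply arrives from the overlap address; present it to PC2 as
    the temporary address it used, so its connection state still matches."""
    if _in_pool(src_ip, OVERLAP_POOL_START):
        return overlap_to_temporary(src_ip)
    return src_ip


def trace_access(answer_ip: str) -> dict:
    """Run the three address rewrites for one name lookup and return what each
    side sees: the address handed to PC2, the real WAN destination, and the
    source address PC2 sees on the reply."""
    pc2_sees = rewrite_dns_answer(answer_ip)
    wan_destination = rewrite_outbound_dst(pc2_sees)
    return {
        "pc2_sees": pc2_sees,
        "wan_destination": wan_destination,
        "reply_source_for_pc2": rewrite_return_src(wan_destination),
    }


if __name__ == "__main__":
    print(trace_access("10.0.0.1"))      # the manual's example lookup
    print(trace_access("203.0.113.7"))   # a non-overlap answer is left alone
```

Only the destination (and reply source) rewrites are shown; the "traditional DNS processing" of PC2's own source address that the manual mentions in steps 1, 2 and 4 is the ordinary source NAT and is left out here.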
Internal Server
NAT can "shield" internal hosts by hiding the architecture of the intranet. However, there are always times when you want to permit some hosts on external networks to access some hosts on the intranet, such as a WWW server or an FTP server. NAT lets you publish servers on the intranet flexibly; for example, you can use 202.169.10.10 as the external address of the WWW server and 202.110.10.11 as the external address of the FTP server. Even 202.110.10.12:8080 can be used as the external address of the WWW server. Moreover, NAT can provide multiple identical servers, such as WWW servers, to external clients.
The NAT function on the security gateway makes some servers on the intranet available to some hosts on external networks. When a client on an external network accesses a server on the intranet, the NAT device translates the destination address in the request packet into the private address of the internal server, and translates the source address (a private address) in the response packet back into the public address.
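The internal-server translation described above, as an added example in Python (not code from the 3Com manual or the switch). The external addresses are the ones the manual quotes; the private addresses 192.168.1.10 and 192.168.1.11, the `ANY_PORT` sentinel, the class and method names and the session table are all constructed for this example. The session table is the part worth noting: because the same WWW server is published under two external addresses, a reply can only be translated back correctly if the device remembers which external address and port each client actually used, and an inbound packet to an address:port pair that is not published is dropped rather than forwarded.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

ANY_PORT = 0  # constructed sentinel: the mapping applies to every destination port

# Constructed mapping table (assumption). External addresses are the manual's
# examples; the private addresses are made up for this example.
# value = (internal address, internal port); None keeps the port the client used.
SERVER_MAP: Dict[Tuple[str, int], Tuple[str, Optional[int]]] = {
    ("202.169.10.10", ANY_PORT): ("192.168.1.10", None),  # WWW server, whole address published
    ("202.110.10.12", 8080):     ("192.168.1.10", 80),    # same WWW server, port-translated
    ("202.110.10.11", 21):       ("192.168.1.11", 21),    # FTP server control port only
}


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class InternalServerNat:
    """Destination NAT for published internal servers, with a session table so
    that replies are translated back to the external address the client used."""

    def __init__(self, server_map: Dict[Tuple[str, int], Tuple[str, Optional[int]]]):
        self.server_map = server_map
        # (internal ip, internal port, client ip, client port) -> (external ip, external port)
        self.sessions: Dict[Tuple[str, int, str, int], Tuple[str, int]] = {}

    def _lookup(self, dst_ip: str, dst_port: int) -> Optional[Tuple[str, int]]:
        """Exact address:port entry first, then a whole-address entry; None if unpublished."""
        entry = self.server_map.get((dst_ip, dst_port)) or self.server_map.get((dst_ip, ANY_PORT))
        if entry is None:
            return None
        internal_ip, internal_port = entry
        return internal_ip, (dst_port if internal_port is None else internal_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Request from an external client: rewrite the destination to the private
        server address, or return None (drop) when nothing is published there."""
        target = self._lookup(pkt.dst_ip, pkt.dst_port)
        if target is None:
            return None
        internal_ip, internal_port = target
        self.sessions[(internal_ip, internal_port, pkt.src_ip, pkt.src_port)] = (pkt.dst_ip, pkt.dst_port)
        return Packet(pkt.src_ip, pkt.src_port, internal_ip, internal_port)

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Reply from the internal server: restore the external source address and
        port recorded for this client. None means no session matched, so this is
        not a reply to a translated request and falls through to other NAT rules."""
        external = self.sessions.get((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        if external is None:
            return None
        ext_ip, ext_port = external
        return Packet(ext_ip, ext_port, pkt.dst_ip, pkt.dst_port)


def demo() -> Tuple[Optional[Packet], Optional[Packet]]:
    """One client reaching the WWW server through 202.110.10.12:8080 and the reply."""
    nat = InternalServerNat(SERVER_MAP)
    request = nat.inbound(Packet("198.51.100.5", 40000, "202.110.10.12", 8080))
    reply = nat.outbound(Packet("192.168.1.10", 80, "198.51.100.5", 40000))
    return request, reply


if __name__ == "__main__":
    print(demo())
```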
Easy IP
Easy IP uses the public IP address of an interface as the source address after address translation. It also controls address translation based on an ACL.
NAT Application Level Gateway
NAT may disrupt many NAT-sensitive protocols, so these protocols need special processing. Some packets of NAT-sensitive protocols carry IP addresses or port numbers in their payload; if only the packet headers are translated and the payload is left untouched, the subsequent protocol exchange is affected.