Manualshelf

HP VPN Firewall Appliances NAT and ALG Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
51525354555657585960
48
Figure 34 Assigning port blocks
Static mappings
Figure 35 User tracing process
Transition technology deployment scheme contains two IP-port mapping modes: static and dynamic.
Static IP-port mapping modeAAA and Carrier Grade NAT (CGN) set parameters through the
network management system and execute the same algorithm for generating mappings. During
address tracing process, AAA and CGN do not exchange mappings with each other, and trace the
address directly.
Dynamic IP-port mapping modeCGN reports the mappings between user addresses and port
blocks to the log server or AAA server through syslogs or RADIUS packets. During address tracing
process, AAA requests the log server for mappings.
The dynamic IP-port mapping mode applies to Broadband Remote Access Server (BRAS) cards. After
assigning an IP address to an online user, BRAS dynamically determines the public address and port
block used by the user, generates an address mapping table, and then reports the table to the AAA
server through extended RADIUS packets. This mode can use port block resources effectively in theory,
but only takes effect at any time when no user accesses any service for a long time.
The followings might affect user tracing: