HP VPN Firewall Appliances NAT and ALG Configuration Guide

When a large number of users go online and offline, the large number of syslogs and RADIUS packets generated increases the load on AAA servers and log servers. As a result, log servers cannot meet the requirements, and the performance of AAA servers might be affected.
Syslogs and RADIUS packets are UDP packets, so dynamic IP-port mappings might be lost.
In dynamic IP-port mapping mode, mappings are supposed to be stored in a time-phased manner. Therefore, the AAA servers and log servers require large storage space.
NAT unlimited connection
NAT unlimited connection ensures that NAT addresses and port numbers can be reused without limit.
As shown in Figure 36, different sources (different addresses or different ports) can reuse a NAT address and port number as long as the destination address or destination port number is different.
Figure 36 NAT unlimited connection
User connection limit
You can use connection limits to prevent excessive sessions from occupying a large amount of resources and to prevent external attacks after Full cone NAT is enabled.
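The following Python sketch is an added illustration, not code or configuration from this guide or from the appliance. It models the reuse rule under NAT unlimited connection together with a user connection limit. The class name, the single-port pool, the per-source-IP limit, and all addresses are assumptions constructed for the example.

```python
from collections import defaultdict

class PortReuseNat:
    """Simplified model (an assumption, not the appliance's algorithm): one NAT
    (address, port) pair carries many sessions if each destination differs."""

    def __init__(self, nat_ip, ports, per_user_limit):
        self.nat_ip = nat_ip
        self.ports = list(ports)
        self.per_user_limit = per_user_limit      # max sessions per inside IP
        self.sessions = {}                        # (nat_port, dst) -> src
        self.by_flow = {}                         # (src, dst) -> nat_port
        self.user_count = defaultdict(int)        # inside IP -> open sessions

    def open(self, src, dst):
        """src/dst are (ip, port). Returns (nat_ip, nat_port), or None if refused."""
        if (src, dst) in self.by_flow:            # existing session keeps its mapping
            return self.nat_ip, self.by_flow[(src, dst)]
        if self.user_count[src[0]] >= self.per_user_limit:
            return None                           # user connection limit reached
        for port in self.ports:
            if (port, dst) not in self.sessions:  # port is free toward this destination
                self.sessions[(port, dst)] = src
                self.by_flow[(src, dst)] = port
                self.user_count[src[0]] += 1
                return self.nat_ip, port
        return None                               # every port already faces this destination

    def reverse(self, nat_port, dst):
        # Return traffic is unambiguous: (nat_port, dst) identifies one inside source.
        return self.sessions.get((nat_port, dst))

def demo():
    # Constructed sample: one public address, a single port, limit of 2 per user.
    nat = PortReuseNat("203.0.113.1", [1024], per_user_limit=2)
    a, b = ("10.0.0.1", 5000), ("10.0.0.2", 5000)
    d1, d2 = ("198.51.100.10", 80), ("198.51.100.20", 80)
    return {
        "a_d1": nat.open(a, d1),                          # first use of port 1024
        "b_d2": nat.open(b, d2),                          # reused: destination differs
        "b_d1": nat.open(b, d1),                          # refused: 1024 already faces d1
        "a_d2_443": nat.open(a, ("198.51.100.20", 443)),  # reused: destination port differs
        "a_over": nat.open(a, ("198.51.100.30", 80)),     # refused: a already has 2 sessions
        "back_d1": nat.reverse(1024, d1),
        "back_d2": nat.reverse(1024, d2),
    }

if __name__ == "__main__":
    print(demo())
```

In this model, the session limit rather than the port pool bounds what one inside address can consume, because a single NAT port can be shared across any number of distinct destinations.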
Full cone NAT
Enable Full cone NAT when the P2P node is behind a NAT device and provides external download
services.
Multiple routing protocols
NAT444 supports static routes and policy-based routes as well as dynamic routes such as OSPF, BGP,
and ISIS.
NAT444 configuration task list
Task                                             Remarks
Configuring NAT444:
  Configuring NAT444 static IP-port mappings     Either is required.
  Configuring NAT444 dynamic IP-port mappings    Either is required.
Configuring Full cone NAT                        Optional.
Configuring NAT444 logging                       Optional.