TMS zl Management and Configuration Guide ST.1.0.090213

Network Address Translation
NAT Operations
The source and destination IP address (SA, DA) and port fields (SP, DP) in five
outbound IP packet headers are shown in Table 5-2. The translated fields are
shown with shading. Notice that the source port is translated only if two
devices have the same original source port. The module keeps track of this
change so that it can correctly translate reverse traffic to these devices.
Table 5-2. Many-to-One Source NAT

Before NAT                               After NAT
SA1        SP1    DA1            DP1     SA2           SP2    DA2            DP2
10.1.1.10  50055  172.16.122.63  80      192.168.5.23  50055  172.16.122.63  80
10.1.1.11  50056  192.168.2.77   21      192.168.5.23  50056  192.168.2.77   21
10.1.1.12  50057  172.16.222.8   88      192.168.5.23  50057  172.16.222.8   88
10.1.1.13  50058  192.168.2.75   53      192.168.5.23  50058  192.168.2.75   53
10.1.1.14  50055  172.16.53.78   69      192.168.5.23  57574  172.16.53.78   69

Many-to-Many
With many-to-many source NAT the module assigns each local device that
attempts to reach the destination network a separate IP address in that
network. A range of new IP addresses is available. The TMS zl Module
translates the source IP address into one of the NAT IP addresses, and the source
port is the same as the original. If a NAT IP address cannot be allocated
dynamically at the connection-creation time because all of the addresses are
in use, the packet is dropped (the module treats a many-to-many policy as an
incomplete one-to-one policy).
The TMS zl Module will perform many-to-many NAT if you specify multiple
source addresses and multiple, but fewer, NAT addresses.
The source and destination IP address (SA, DA) and port fields (SP, DP) in five
outbound IP packet headers are shown in Table 5-3. The translated fields are
shown with shading.
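The many-to-one and many-to-many behaviour described above, modelled as an added Python example (not code from the guide or from the TMS zl Module). Assumptions: the replacement-port range starts at 57574 so that the output reproduces Table 5-2, the second pool address 192.168.5.24 is constructed, and the model never releases an allocated address.

```python
class SourceNat:
    """Toy model of the source NAT behaviour described above (not TMS zl code)."""

    def __init__(self, nat_ips, spare_ports=range(57574, 65536)):
        self.nat_ips = list(nat_ips)    # one address: many-to-one; several: many-to-many
        self.spare = iter(spare_ports)  # replacement ports (range is an assumption)
        self.by_orig = {}               # (orig SA, orig SP) -> (NAT SA, NAT SP)
        self.by_nat = {}                # (NAT SA, NAT SP) -> (orig SA, orig SP)
        self.leases = {}                # many-to-many only: orig SA -> NAT SA

    def outbound(self, sa, sp, da, dp):
        """Return the translated (SA, SP, DA, DP), or None when the packet is dropped."""
        if (sa, sp) not in self.by_orig:
            if len(self.nat_ips) == 1:  # many-to-one
                nat_sa, nat_sp = self.nat_ips[0], sp
                if (nat_sa, nat_sp) in self.by_nat:  # port already used by another device
                    nat_sp = next(p for p in self.spare if (nat_sa, p) not in self.by_nat)
            else:                       # many-to-many
                if sa not in self.leases:
                    free = [ip for ip in self.nat_ips if ip not in self.leases.values()]
                    if not free:
                        return None     # every NAT address is in use: drop
                    self.leases[sa] = free[0]
                nat_sa, nat_sp = self.leases[sa], sp  # source port stays as sent
            self.by_orig[(sa, sp)] = (nat_sa, nat_sp)
            self.by_nat[(nat_sa, nat_sp)] = (sa, sp)
        return self.by_orig[(sa, sp)] + (da, dp)

    def inbound(self, sa, sp, da, dp):
        """Reverse-translate a reply sent to a NAT address; None if nothing maps to it."""
        orig = self.by_nat.get((da, dp))
        return None if orig is None else (sa, sp) + orig

TABLE_5_2 = [  # outbound packets from Table 5-2 as (SA, SP, DA, DP)
    ("10.1.1.10", 50055, "172.16.122.63", 80),
    ("10.1.1.11", 50056, "192.168.2.77", 21),
    ("10.1.1.12", 50057, "172.16.222.8", 88),
    ("10.1.1.13", 50058, "192.168.2.75", 53),
    ("10.1.1.14", 50055, "172.16.53.78", 69),
]

if __name__ == "__main__":
    many_to_one = SourceNat(["192.168.5.23"])
    for pkt in TABLE_5_2:
        print(pkt, "->", many_to_one.outbound(*pkt))
    print("reply ->", many_to_one.inbound("172.16.53.78", 69, "192.168.5.23", 57574))
    pool = SourceNat(["192.168.5.23", "192.168.5.24"])  # constructed two-address pool
    for pkt in TABLE_5_2[:3]:
        print(pkt, "->", pool.outbound(*pkt))            # third device is dropped
```

In the many-to-one run only the fifth packet has its source port rewritten, and the stored mapping is what lets the reply to port 57574 reach 10.1.1.14 while a packet to an unmapped port has no translation at all.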