TMS zl Management and Configuration Guide ST.1.0.090213
5-15
Network Address Translation
Configuring NAT Policies
Sometimes you might also want to exclude traffic that is sent over a GRE
tunnel from translation. The exclusion policy’s destination addresses
should match the subnets in the tunnel’s traffic selector. The source
addresses should be local addresses allowed to send traffic over the
tunnel.
■ The relationship between the original number of IP addresses and the
number of NAT addresses helps determine the NAT operation that the
TMS zl Module performs. The table below shows the type of NAT operation
that is performed depending on how many private addresses are
specified (100 for this example) compared to the number of NAT
addresses. Terms such as one-to-one and many-to-one are provided here
on a conceptual basis only; the terms do not appear on the user interfaces.
Table 5-8. NAT Operations
| NAT Type | Number of Source Addresses | Number of Destination Addresses | Number of NAT Addresses | NAT Operation | Description |
|---|---|---|---|---|---|
| Source | 100 | n/a | 100 or more | One-to-one | Each source device receives its own NAT address; source ports are unchanged. |
| Source | 100 | n/a | 2-99 | Many-to-many | Each source device receives its own IP address until all of the NAT addresses are assigned after which all new connections from the source address to the destination address are denied. Source ports are unchanged. |
| Source | 100 | n/a | 1 | Many-to-one | All selected source addresses are translated to the same NAT IP address. Typically, source ports are unchanged, but (in the case of two devices using the same source port) the TMS zl Module translates the source port to a unique number so that return traffic can be sent to the right host. |
| Destination | n/a | 2–100 | 1 | Many-to-one | Multiple public destination IP addresses are translated into one private IP address. Multiple policies can be created for the same destination IP addresses; in that case, each policy would specify a different service and a different NAT address. The destination port number is translated if a new port is specified. |
| Destination | n/a | 1 | 1 | One-to-one | One public destination IP address is translated into one private IP address. Multiple policies can be created for the same destination IP address; in that case, each policy would specify a different service and a different NAT address. The destination port number is translated if a new port is specified. |
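
The source NAT rows of Table 5-8, modeled as an added Python example (it is not code from this guide or from the TMS zl Module). The class and function names, the sample addresses, and the rule for choosing a replacement port on a collision are assumptions made for illustration.

```python
def nat_operation(n_sources, n_nat):
    """Name the source NAT operation from Table 5-8 for the given counts."""
    if n_nat >= n_sources:
        return "one-to-one"
    return "many-to-one" if n_nat == 1 else "many-to-many"


class SourceNat:
    """Toy model of the table's source NAT rows (not the module's code)."""

    def __init__(self, nat_pool):
        self.pool = list(nat_pool)
        self.by_source = {}   # source IP -> NAT IP, used when the pool has 2+ addresses
        self.sessions = {}    # (src_ip, src_port) -> NAT port, used when the pool has 1
        self.port_owner = {}  # NAT port -> (src_ip, src_port), for return traffic

    def translate(self, src_ip, src_port):
        """Return (nat_ip, nat_port), or None when the connection is denied."""
        if len(self.pool) == 1:
            return self.pool[0], self._shared_port(src_ip, src_port)
        if src_ip not in self.by_source:
            if len(self.by_source) == len(self.pool):
                return None  # every NAT address is assigned: deny the new source
            self.by_source[src_ip] = self.pool[len(self.by_source)]
        return self.by_source[src_ip], src_port  # source port unchanged

    def _shared_port(self, src_ip, src_port):
        key = (src_ip, src_port)
        if key not in self.sessions:
            port = src_port
            if port in self.port_owner:
                # Assumption: take the lowest free port above 1023 on a collision.
                port = next(p for p in range(1024, 65536) if p not in self.port_owner)
            self.port_owner[port] = key
            self.sessions[key] = port
        return self.sessions[key]

    def reverse(self, nat_port):
        """Map return traffic on a shared NAT address back to the inside host."""
        return self.port_owner.get(nat_port)


if __name__ == "__main__":
    pat = SourceNat(["192.0.2.10"])          # constructed sample addresses
    print(pat.translate("10.1.1.1", 5000))   # first host keeps its port
    print(pat.translate("10.1.1.2", 5000))   # second host gets a new port
    print(pat.reverse(1024))
```

In the many-to-one case the NAT address alone no longer identifies the inside host, so attributing a connection from logs requires the translated source port as well.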