TMS zl Management and Configuration Guide ST.1.0.090213

Overview
Network Address Translation (NAT)
Note: The information above is simply intended to inform you of the module’s
capabilities. When you configure NAT, you do not need to determine the
specific type of source or destination NAT that you require. Once you
configure the source, destination, and NAT addresses, the Web browser interface
handles the configuration.
You can also configure NAT policies that exclude specific addresses. For
example, if you have configured source NAT for addresses 10.1.1.20–
10.1.1.200, but you don’t want to translate addresses 10.1.1.50–10.1.1.55, you
can configure an exclusion NAT policy for those addresses.
Operation
On the TMS zl Module, NAT is configurable per-zone, per-VLAN, per-IP range,
or even per-IP address. The correct zone settings depend on the type of NAT.
For source NAT, the source zone is the zone from which the traffic to be
translated arrives. The destination zone is the zone to which the translated
traffic is destined—that is, the zone in which the traffic requires the new
source address. For example, if you want all endpoints in the
private network to share an IP address on the Internet, you would create an
Internal-to-External source NAT policy.
For destination NAT, the source zone is the zone from which the traffic to be
translated arrives. The destination zone is the Self zone because the traffic to
be translated is originally destined to an IP address on the module (or an IP
address that the module handles). For example, if you configure destination
NAT for requests sent by Internet users to your network’s Web server, you
would create an External-to-Self destination NAT policy.
In particular, a NAT policy specifies these parameters:
• The type of NAT
• The source and destination IP addresses for traffic to which NAT is
  applied
• The post-translation IP address or addresses
You can use the same named objects that you create for firewall policies for
NAT policies—as long as those objects are single-entry objects.
For more information on configuring NAT, see Chapter 5: “Network Address
Translation.”
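
The zone rules and the exclusion range described above can be checked on paper before a plan is entered in the Web browser interface. The following is an added example, not code from this guide or from the module: the `NatPolicy` model, the function names and the 192.0.2.x addresses are assumptions, and it assumes that an exclusion overrides an overlapping source NAT policy.

```python
from ipaddress import ip_address as ip
from dataclasses import dataclass

@dataclass(frozen=True)
class NatPolicy:  # hypothetical model, not the TMS zl configuration format
    kind: str         # "source", "destination" or "exclusion"
    src_zone: str
    dst_zone: str
    first: str        # first address the policy matches
    last: str         # last address the policy matches
    nat_ip: str = ""  # post-translation address; empty for exclusions

    def covers(self, addr):
        return ip(self.first) <= ip(addr) <= ip(self.last)

def lint(p):
    """Return the rule violations found in one planned policy."""
    issues = []
    if ip(p.first) > ip(p.last):
        issues.append("range start is above range end")
    if p.kind == "destination" and p.dst_zone != "Self":
        issues.append("destination NAT must use Self as destination zone")
    if p.kind != "exclusion" and not p.nat_ip:
        issues.append("missing post-translation address")
    return issues

def source_after_nat(policies, src_zone, dst_zone, addr):
    """Source address a packet carries after crossing src_zone -> dst_zone."""
    hits = [p for p in policies
            if (p.src_zone, p.dst_zone) == (src_zone, dst_zone) and p.covers(addr)]
    if any(p.kind == "exclusion" for p in hits):
        return addr  # assumed: an exclusion overrides an overlapping source NAT
    nat = [p.nat_ip for p in hits if p.kind == "source"]
    return nat[0] if nat else addr  # unmatched traffic keeps its address

# Constructed plan: the guide's ranges plus documentation-range public addresses.
PLAN = [
    NatPolicy("source", "Internal", "External", "10.1.1.20", "10.1.1.200", "192.0.2.10"),
    NatPolicy("exclusion", "Internal", "External", "10.1.1.50", "10.1.1.55"),
    NatPolicy("destination", "External", "Self", "192.0.2.20", "192.0.2.20", "10.1.1.80"),
    # Deliberately wrong zone pair, so that lint() has something to report.
    NatPolicy("destination", "External", "Internal", "192.0.2.21", "192.0.2.21", "10.1.1.81"),
]

if __name__ == "__main__":
    for p in PLAN:
        print(p.kind, p.first, "-", p.last, lint(p) or "ok")
    for a in ("10.1.1.49", "10.1.1.50", "10.1.1.56", "10.1.1.201"):
        print(a, "->", source_after_nat(PLAN, "Internal", "External", a))
```

Addresses that come back unchanged are the ones that leave the Internal zone with their private source address, so they are the ones to review against the firewall policy.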