TMS zl Management and Configuration Guide ST.1.1.100226
5-6
Network Address Translation
NAT Operations
The source and destination IP address (SA, DA) and port fields (SP, DP) in five
outbound IP packet headers are shown in Table 5-3. The translated fields are
shown with shading.
Table 5-3. Many-to-Many Source NAT
Note To prevent packets from being dropped, you can create three many-to-one
policies, one for each NAT address, each specifying a different set of source
addresses. Therefore, every endpoint that requests a connection will receive
one of the NAT addresses. Do not create these policies, however, if it is crucial
that source port numbers never be translated. (See “Limited NAT Pool” on
page 5-35.)
Destination NAT
With destination NAT, the TMS zl Module translates the destination IP address
of a packet to a new IP address. Typically, destination NAT is configured to
allow external devices to use a public IP address to access services in an
internal network.
Figure 5-2. Destination NAT
Before NAT After NAT
SA
1
SP
1
DA
1
DP
1
SA
2
SP
2
DA
2
DP
2
10.1.1.10 50055 172.16.122.63 80 192.168.5.22 50055 172.16.122.63 80
10.1.1.11 50056 192.168.2.77 21
192.168.5.23 50056 192.168.2.77 21
10.1.1.12 50057 172.16.222.8 88
192.168.5.24 50057 172.16.222.8 88
10.1.1.13 50058 192.168.2.75 53 dropped dropped dropped dropped
10.1.1.14 50059 172.16.53.78 69 dropped dropped dropped dropped