TMS zl Management and Configuration Guide ST.1.1.100226
5-10
Network Address Translation
NAT Operations
Table 5-7. Port Forwarding with PAT

SA = source address, SP = source port, DA = destination address, DP = destination port
(suffix 1 = before NAT, suffix 2 = after NAT)

Before NAT                                       After NAT
SA1             SP1    DA1            DP1        SA2             SP2    DA2          DP2
172.16.122.63   50005  192.168.5.23   80         172.16.122.63   50005  10.1.1.10    8088
10.1.5.48       50006  192.168.5.23   21         10.1.5.48       50006  10.1.1.11    2102
10.100.148.77   50007  192.168.5.23   80         10.100.148.77   50007  10.1.1.10    8088
172.20.222.8    50008  192.168.5.23   80         172.20.222.8    50008  10.1.1.10    8088
172.25.121.75   50009  192.168.5.23   21         172.25.121.75   50009  10.1.1.11    2101

Exclusion NAT

You can use this NAT type to exclude specific traffic from being translated, according to the following parameters:

■ Source and destination zone
■ Service
■ Source and destination addresses

Use exclusion NAT if you have an existing source or destination NAT policy but want to exclude a subset of those addresses or services from translation. For example, if you configure a policy to translate all traffic from subnet 10.1.1.0/24 to the External zone, you could configure an exclusion policy to exclude HTTPS traffic. In this case, all traffic from 10.1.1.0/24 to External is translated except HTTPS traffic.

An exclusion NAT policy is also useful for preventing NAT from being applied to traffic that should be sent over a VPN tunnel before that traffic is selected and encapsulated for the tunnel. For example, suppose a source NAT policy performs NAT on all traffic from a local subnet to the External zone. You could create an exclusion NAT policy to prevent NAT from being performed on traffic sent from the local subnet to the remote subnet in a site-to-site VPN.

Packet Flow

The core component of the TMS zl Module is the firewall, which controls the packet flow through the other components of the TMS zl Module, including NAT. Figure 5-3 shows the overall packet flow of NAT operation.
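The exclusion NAT behaviour described above (HTTPS and site-to-site VPN traffic left untranslated while other traffic from 10.1.1.0/24 is source-translated) and the port forwarding with PAT shown in Table 5-7 (192.168.5.23:80 rewritten to 10.1.1.10:8088 for the flow from 172.16.122.63:50005) can be modelled in a small policy evaluator. The following Python block is an added illustration and is not TMS zl code or its configuration syntax. The zone names, the evaluation order (exclusion policies checked before any translation policy, which is the semantics the text describes), the remote VPN subnet 10.2.2.0/24, the public address 203.0.113.5 and the hosts 10.1.1.7 and 198.51.100.9 are constructed assumptions; only the Table 5-7 addresses and ports are taken from the page.

```python
"""Illustrative model of NAT policy matching with exclusion, source NAT and
destination port forwarding with PAT. Added example; not TMS zl code."""
import ipaddress
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Flow:
    """A packet's 5-tuple plus the firewall zones it enters and leaves."""
    src_zone: str
    dst_zone: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Policy:
    """kind is 'exclusion', 'source' or 'destination'. Zones, networks and
    service are the match criteria from the page: 'any', 0.0.0.0/0 and None
    act as wildcards. translate_to is (address, port-or-None)."""
    kind: str
    src_zone: str = "any"
    dst_zone: str = "any"
    src_net: str = "0.0.0.0/0"
    dst_net: str = "0.0.0.0/0"
    service: Optional[Tuple[str, int]] = None          # (proto, dport)
    translate_to: Optional[Tuple[str, Optional[int]]] = None

    def matches(self, f: Flow) -> bool:
        if self.src_zone != "any" and self.src_zone != f.src_zone:
            return False
        if self.dst_zone != "any" and self.dst_zone != f.dst_zone:
            return False
        if ipaddress.ip_address(f.src) not in ipaddress.ip_network(self.src_net):
            return False
        if ipaddress.ip_address(f.dst) not in ipaddress.ip_network(self.dst_net):
            return False
        if self.service is not None and self.service != (f.proto, f.dport):
            return False
        return True


def apply_nat(flow: Flow, policies: List[Policy]) -> Tuple[Flow, str]:
    """Return the flow as it leaves the module and which policy kind decided it.
    Exclusion policies are evaluated first (assumed ordering in this model) so an
    excluded flow is never translated; otherwise the first matching source or
    destination policy is applied."""
    for p in policies:
        if p.kind == "exclusion" and p.matches(flow):
            return flow, "exclusion"
    for p in policies:
        if p.kind == "source" and p.matches(flow):
            addr, port = p.translate_to
            return replace(flow, src=addr, sport=flow.sport if port is None else port), "source"
        if p.kind == "destination" and p.matches(flow):
            addr, port = p.translate_to
            return replace(flow, dst=addr, dport=flow.dport if port is None else port), "destination"
    return flow, "none"


# Constructed policy set mirroring the page's examples.
POLICIES = [
    # Exclusion: HTTPS from 10.1.1.0/24 to External is left untranslated.
    Policy("exclusion", src_net="10.1.1.0/24", dst_zone="External", service=("tcp", 443)),
    # Exclusion: traffic to the remote VPN subnet (10.2.2.0/24 is constructed) stays
    # untranslated so the tunnel selector sees the real inner addresses.
    Policy("exclusion", src_net="10.1.1.0/24", dst_zone="External", dst_net="10.2.2.0/24"),
    # Source NAT: everything else from 10.1.1.0/24 to External; 203.0.113.5 is constructed.
    Policy("source", src_net="10.1.1.0/24", dst_zone="External", translate_to=("203.0.113.5", None)),
    # Destination NAT with PAT, row 1 of Table 5-7: 192.168.5.23:80 -> 10.1.1.10:8088.
    Policy("destination", dst_net="192.168.5.23/32", service=("tcp", 80), translate_to=("10.1.1.10", 8088)),
]


def demo() -> Dict[str, Tuple[Flow, str]]:
    """Run four constructed flows through the policy set."""
    cases = {
        "http_out": Flow("Internal", "External", "10.1.1.7", 40000, "198.51.100.9", 80),
        "https_out": Flow("Internal", "External", "10.1.1.7", 40001, "198.51.100.9", 443),
        "vpn_out": Flow("Internal", "External", "10.1.1.7", 40002, "10.2.2.5", 445),
        "pf_in": Flow("External", "Internal", "172.16.122.63", 50005, "192.168.5.23", 80),
    }
    return {name: apply_nat(f, POLICIES) for name, f in cases.items()}


if __name__ == "__main__":
    for name, (after, decided_by) in demo().items():
        print(f"{name:10s} {decided_by:12s} {after.src}:{after.sport} -> {after.dst}:{after.dport}")
```

The model applies only the first matching translation policy per flow, which is enough to show the point of the text: an exclusion policy is a narrower match that wins over the broader source or destination policy, so HTTPS and VPN-bound flows keep their original addresses while ordinary HTTP is source-translated and the inbound port-forward rewrites only the destination side.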