TMS zl Management and Configuration Guide ST.1.1.100430
Overview
Network Address Translation (NAT)
Note: The information above is simply intended to inform you of the module’s
capabilities. When you configure NAT, you do not need to determine the
specific type of source or destination NAT that you require. Once you
configure the source, destination, and NAT addresses, the Web browser interface
handles the configuration.
You can also configure NAT policies that exclude specific addresses. For
example, suppose you have configured source NAT for all traffic from
10.1.1.0/24 to the External zone, but you do not want to apply NAT to traffic
from 10.1.1.0/24 to 10.10.1.0/24 in the External zone. You can configure an
exclusion NAT policy for those addresses.
Operation
On the TMS zl Module, NAT is configurable per-zone, per-VLAN, per-IP range,
or even per-IP address. The correct zone settings depend on the type of NAT.
For source NAT, the source zone is the zone from which the traffic to be
translated arrives. The destination zone is the zone to which the translated
traffic is destined—that is, the zone in which the traffic requires the new
source address. For example, you want to configure all endpoints in the
private network to share an IP address on the Internet. You would create an
Internal-to-External source NAT policy.
For destination NAT, the source zone is the zone from which the traffic to be
translated arrives. The destination zone is the Self zone because the traffic to
be translated is originally destined to an IP address on the module (or an IP
address that the module handles). For example, if you configure destination NAT
for requests sent by Internet users to your network’s Web server, you would
create an External-to-Self destination NAT policy.
In particular, a NAT policy specifies these parameters:
■ The type of NAT
■ The source and destination IP addresses for traffic to which NAT is
applied
■ The post-translation IP address or addresses
You can use the same named objects that you create for firewall policies for
NAT policies—as long as those objects are single-entry objects.
For more information on configuring NAT, see Chapter 5: “Network Address
Translation.”
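The following Python model is an added illustration, not taken from the guide or from the module's software. It evaluates the three example policies described above (Internal-to-External source NAT, the exclusion for 10.10.1.0/24, and External-to-Self destination NAT) so you can check which flows leave untranslated. It assumes that an exclusion policy takes precedence over any other matching policy; the 203.0.113.x, 198.51.100.x and 10.1.2.80 addresses are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class NatPolicy:
    nat_type: str                 # "source", "destination" or "exclusion"
    src_zone: str                 # zone from which the traffic arrives
    dst_zone: str                 # "Self" for destination NAT
    src_net: str                  # source addresses the policy applies to
    dst_net: str                  # destination addresses the policy applies to
    nat_ip: Optional[str] = None  # post-translation address (none for exclusion)

    def matches(self, src_zone, dst_zone, src_ip, dst_ip):
        return (self.src_zone == src_zone and self.dst_zone == dst_zone
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst_net))

def translate(policies, src_zone, dst_zone, src_ip, dst_ip):
    """Return the (source, destination) addresses the packet carries after NAT."""
    hits = [p for p in policies if p.matches(src_zone, dst_zone, src_ip, dst_ip)]
    # Assumption of this model: a matching exclusion policy wins over any other.
    if any(p.nat_type == "exclusion" for p in hits):
        return src_ip, dst_ip
    for p in hits:
        if p.nat_type == "source":
            return p.nat_ip, dst_ip       # rewrite the source address
        if p.nat_type == "destination":
            return src_ip, p.nat_ip       # rewrite the destination address
    return src_ip, dst_ip                 # no policy matched: untranslated

# Constructed policies mirroring the examples in the text.
POLICIES = [
    NatPolicy("source", "Internal", "External", "10.1.1.0/24", "0.0.0.0/0", "203.0.113.10"),
    NatPolicy("exclusion", "Internal", "External", "10.1.1.0/24", "10.10.1.0/24"),
    NatPolicy("destination", "External", "Self", "0.0.0.0/0", "203.0.113.20/32", "10.1.2.80"),
]

if __name__ == "__main__":
    flows = [
        ("Internal", "External", "10.1.1.25", "198.51.100.7"),  # shared public address
        ("Internal", "External", "10.1.1.25", "10.10.1.5"),     # excluded from NAT
        ("External", "Self", "198.51.100.7", "203.0.113.20"),   # request to Web server
    ]
    for flow in flows:
        print(flow, "->", translate(POLICIES, *flow))
```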