TMS zl Management and Configuration Guide ST.1.1.100430
5-8
Network Address Translation
NAT Operations
The TMS zl Module will perform many-to-one destination NAT if you specify
multiple destination addresses, one NAT address, and no NAT port.
The source and destination IP addresses (SA, DA) and port fields (SP, DP) in
five inbound IP packet headers are shown in Table 5-5. The translated fields
are shown with shading.
Table 5-5. One-to-Many Destination NAT
Port Forwarding (for One-to-One or Many-to-One)
With this type of destination NAT, one public IP address translates to multiple
private destination IP addresses, each providing a different service. For
example, traffic sent to the public IP address 192.168.5.23 is translated to two
private destination IP addresses: 10.1.1.10, which provides HTTP (TCP port
80) services, and 10.1.1.11, which provides FTP (TCP port 21) services. The
destination IP address of the packet is translated to the correct private IP
address according to the destination port number of the incoming packet. For
example, a packet destined to 192.168.5.23 at port 80 is sent to the HTTP server
at 10.1.1.10.
The TMS zl Module will perform port forwarding if you create multiple
destination NAT policies with the same destination address, but different NAT
addresses and services. The example requires two destination NAT policies:
one to translate HTTP traffic and one to translate FTP traffic.
The source and destination IP addresses (SA, DA) and port fields (SP, DP) in
five inbound IP packet headers are shown in Table 5-6. The translated fields
are shown with shading.
Before NAT                                   | After NAT
SA1            SP1    DA1           DP1      | SA2            SP2    DA2        DP2
172.16.122.63  51005  192.168.5.23  80       | 172.16.122.63  51005  10.1.1.10  80
10.1.5.48      50056  192.168.5.24  21       | 10.1.5.48      50056  10.1.1.10  21
10.100.148.77  50057  192.168.5.24  88       | 10.100.148.77  50057  10.1.1.10  88
172.20.222.8   50058  192.168.5.25  53       | 172.20.222.8   50058  10.1.1.10  53
172.25.121.75  50059  192.168.5.23  69       | 172.25.121.75  50059  10.1.1.10  69
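The following Python model is an added example, not code or configuration from the TMS zl Module. It applies the many-to-one and port-forwarding policies described above to packet headers and flags policies whose matches overlap but translate to different servers. The class and function names, first-match evaluation, the any-service match on the many-to-one policy, and returning None for unmatched traffic are assumptions of the model.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Optional, Tuple

@dataclass(frozen=True)
class DnatPolicy:
    """One destination NAT policy (field names are this example's own)."""
    name: str
    dest_addrs: frozenset                # public destination addresses matched
    service: Optional[Tuple[str, int]]   # (protocol, port); None matches any service
    nat_addr: str                        # private address written into the DA field
    nat_port: Optional[int] = None       # None: destination port is left unchanged

def translate(policies, proto, sa, sp, da, dp):
    """Return (SA, SP, DA, DP) after NAT, or None if no policy matches.
    Assumption: policies are evaluated in order and the first match wins."""
    for p in policies:
        if da in p.dest_addrs and p.service in (None, (proto, dp)):
            return (sa, sp, p.nat_addr, dp if p.nat_port is None else p.nat_port)
    return None

def conflicts(policies):
    """Name pairs of policies that can match the same packet but translate it
    differently, so the result depends on evaluation order."""
    found = []
    for a, b in combinations(policies, 2):
        same_service = None in (a.service, b.service) or a.service == b.service
        same_target = (a.nat_addr, a.nat_port) == (b.nat_addr, b.nat_port)
        if same_service and a.dest_addrs & b.dest_addrs and not same_target:
            found.append((a.name, b.name))
    return found

# Many-to-one: multiple destination addresses, one NAT address, no NAT port.
MANY_TO_ONE = [DnatPolicy(
    "m2o", frozenset({"192.168.5.23", "192.168.5.24", "192.168.5.25"}),
    None, "10.1.1.10")]

# Port forwarding: same destination address, different NAT addresses and services.
PORT_FWD = [
    DnatPolicy("http", frozenset({"192.168.5.23"}), ("tcp", 80), "10.1.1.10"),
    DnatPolicy("ftp", frozenset({"192.168.5.23"}), ("tcp", 21), "10.1.1.11"),
]

if __name__ == "__main__":
    print(translate(MANY_TO_ONE, "tcp", "10.1.5.48", 50056, "192.168.5.24", 21))
    print(translate(PORT_FWD, "tcp", "172.16.122.63", 51005, "192.168.5.23", 21))
    print(translate(PORT_FWD, "udp", "172.25.121.75", 50059, "192.168.5.23", 69))
    print(conflicts(PORT_FWD + MANY_TO_ONE))
```

Running `conflicts` over a combined policy list before deployment shows where an any-service policy overlaps a port-forwarding policy for the same public address.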