TMS zl Management and Configuration Guide ST.1.1.100430
Network Address Translation
NAT Examples
Note: It is not recommended that you enable logging permanently because
policy logging is processor-intensive. Use policy logging for
troubleshooting and testing only.
l. Click Apply.
m. Click Close.
n. Click Save.
You could also apply a more general firewall access policy. This might allow
you to create fewer firewall access policies overall because more than one of
the NAT policies would be covered by a single firewall access policy.
Exclusion NAT
In this example, an exclusion NAT policy helps to ensure that your TMS zl
Module’s NAT and VPN functions interoperate correctly. NAT occurs before
traffic is selected for a VPN by an IPsec policy. But if NAT is performed on
traffic that should be sent over a VPN tunnel, the IPsec policy might not be
able to select the traffic and the VPN will fail. If a source NAT policy and an
IPsec traffic selector overlap, you must create an exclusion NAT policy to
prevent the module from performing NAT on traffic that should be sent over
the VPN.
Note: The exclusion policy is only necessary when the module itself would
otherwise perform NAT on traffic that should be selected for the VPN. If there
are other NAT devices between the local VPN gateway and the remote VPN
gateway, the TMS zl Module will automatically implement NAT Traversal. In
that case, you should configure the firewall to permit the UDP-encapsulated
NAT-T packets.
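The overlap condition described in this section can be checked offline before you configure the module. The following Python sketch is an added example, not part of this guide or of the TMS zl software: it compares source NAT policies with IPsec traffic selectors and reports the source and destination ranges that need an exclusion NAT policy. The policy names, addresses, and the simplified model (source and destination CIDR only, no zones or services) are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    """Simplified policy: a name plus source and destination networks (assumed model)."""
    name: str
    src: object  # ipaddress network
    dst: object  # ipaddress network

def rule(name, src, dst):
    return Rule(name, ipaddress.ip_network(src), ipaddress.ip_network(dst))

def intersect(a, b):
    """Overlap of two CIDR blocks, or None. CIDR blocks either nest or are disjoint."""
    if a.version != b.version:
        return None
    if a.subnet_of(b):
        return a
    if b.subnet_of(a):
        return b
    return None

def required_exclusions(source_nat, ipsec_selectors):
    """Return one exclusion range for each source NAT policy that overlaps a selector.

    NAT runs before IPsec selection, so any traffic matching both a source NAT
    policy and a traffic selector would be translated and then miss the VPN.
    """
    exclusions = []
    for nat in source_nat:
        for sel in ipsec_selectors:
            src = intersect(nat.src, sel.src)
            dst = intersect(nat.dst, sel.dst)
            if src is not None and dst is not None:
                exclusions.append(Rule(f"exclude-{nat.name}-for-{sel.name}", src, dst))
    return exclusions

# Constructed sample policies (hypothetical names and addresses).
SOURCE_NAT = [
    rule("internet-snat", "10.1.0.0/16", "0.0.0.0/0"),
    rule("dmz-snat", "172.16.5.0/24", "0.0.0.0/0"),
]
IPSEC_SELECTORS = [rule("branch-vpn", "10.1.10.0/24", "192.168.50.0/24")]

if __name__ == "__main__":
    for ex in required_exclusions(SOURCE_NAT, IPSEC_SELECTORS):
        print(f"{ex.name}: exclude NAT for {ex.src} -> {ex.dst}")
```

An empty result means no source NAT policy in the list overlaps a traffic selector, so no exclusion NAT policy is needed for those selectors.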