Manualshelf

WESM zl Management and Configuration Guide WT.01.03 and greater

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
61626364656667686970
1-43
Introduction
ProCurve Wireless Edge Services zl Module
NAT. NAT, another function the Wireless Edge Services zl Modules firewall
offers, modifies addresses in packets’ IP headers. The module supports NAT
on both source addresses and destination addresses.
The Wireless Edge Services zl Module has the following capabilities:
Dynamic source NAT with port mapping—The module translates
multiple source addresses to a single new address, which is one of the
module’s own IP addresses. Although every NATed packet has the same
new source address, the module assigns each session a different source
port. The module then maintains a table that maps each source port to the
correct original address, allowing the module to forward return traffic to
its destination.
Static source NAT with optional port translation—The module
translates a single source IP address to a single new address.
Typically, the address after translation is an IP address that is assigned
to the Wireless Edge Services zl Module. However, you can use a differ-
ent IP address as long as it is not assigned to another device. If you
choose not to use one of the module’s IP addresses, you must configure
proxy ARP so that the module can respond to ARP requests for the
NATed IP address.
You can optionally configure the module to translate the packet’s source
port to a new port.
Static destination NAT with port forwarding and optional port
translation—The module translates packets destined to a specific IP
address (typically one of the module’s own) to a new IP address. It then
forwards the traffic toward the new destination.
Port forwarding allows the module to differentiate between traffic sent to
the same IP address but different ports. For example, port forwarding can
translate a packet sent to its public IP address on the HTTP port (80) to
one IP address but translate a packet sent to the FTP port (21) to a
different address. Port forwarding allows multiple servers to share the
same public IP address.
Port translation, an additional option, allows the Wireless Edge Services
zl Module to translate the destination port as well as the destination IP
address. For example, the module can receive an HTTP packet on port 80
and change its destination to a Web server that uses the private port 55000.
You can learn more about these capabilities, including how to enable them, in
Chapter 8: “Configuring Network Address Translation (NAT).” The section
below gives some examples of when to use NAT.