WESM zl Management and Configuration Guide WT.01.28 and greater
8-2
Configuring Network Address Translation (NAT)
Overview
Overview
You can configure the ProCurve Wireless Edge Services zl Module to perform
Network Address Translation (NAT) on traffic routed between two subnetworks—
typically, traffic exchanged between the wireless and the wired network. The module
can translate either the source or the destination IP address in a packet’s IP header to
a new address.
The Wireless Edge Services zl Module allows you to implement NAT in several
different ways. For example, you can configure the module to use a single IP address
as the source address for an entire group of wireless stations when these stations
transmit data to a wired network. This implementation of NAT allows users whose
wireless stations have private IP addresses to access the Internet using one public IP
address. NAT also adds another layer of security by concealing the actual IP addresses
of wireless devices from users in the wired network.
Translating Between an Inside and an Outside Network
When implementing NAT, the Wireless Edge Services zl Module distinguishes
between an inside and an outside network, and implements NAT at the border
between the two networks.
When you configure NAT, you define the inside and outside networks by specifying
if a given virtual LAN (VLAN) interface is inside or outside. For example, in
Figure 8-1, wireless LAN (WLAN) A is assigned to VLAN 8, which has been defined
as an inside interface. On the other hand, VLAN 4, which is used in the Ethernet
LAN, is defined an outside interface.
The setting you select for a particular VLAN—either inside or outside— depends on
how you implement NAT. (The options for implementing NAT are described in “NAT
Implementation Methods” on page 8-4.)