WESM zl Management and Configuration Guide WT.01.28 and greater

Configuring Network Address Translation (NAT)
Overview
this wireless network is much like the Internet—filled with untrusted users—you
should implement the same types of security measures that you put in place for users
who access your network from the Internet.
Configure destination NAT to allow wireless users to send traffic toward a server's
publicly known address. The Wireless Edge Services zl Module translates the traffic’s
destination address to the correct local address. When the server replies, the module
automatically translates the source address back to the address to which the traffic
was originally destined, and the private address remains concealed.
For example, your company may have a Web server or an FTP server, which is housed
on your internal LAN. To access this server, wireless users enter a URL, which is
resolved through a Domain Name System (DNS) server to a public IP address. When
your Wireless Edge Services zl Module receives a packet destined to this address, it
translates the destination IP address and forwards the packet toward the correct
internal device.
For example, in Figure 8-4, a Web server on the internal LAN has an IP address of
192.168.1.10. However, the IP address to which wireless stations send traffic is
10.1.1.1. When the ProCurve Wireless Edge Services zl Module receives packets
with the destination address of 10.1.1.1, it translates the destination address to the
private IP address of the Web server: 192.168.1.10. The source IP address is not
affected. (See Figure 8-4.) Therefore, you must ensure that devices in the wired
network can route traffic back to the subnetwork used in the wireless network.
Figure 8-4. Outside Destination NAT
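The translation described above, modelled in Python as an added example (it is not code from this guide or from the module). The addresses 10.1.1.1 and 192.168.1.10 come from the text; the wireless station address 172.16.5.20, its subnet, the port numbers and all class and function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

class DestinationNat:
    """Illustrative model of static destination NAT with reply tracking."""
    def __init__(self, rules):
        self.rules = dict(rules)  # public destination -> private destination
        self.flows = {}           # (client, cport, server, port) -> public address

    def inbound(self, pkt):
        """Rewrite only the destination; the source address is not affected."""
        private = self.rules.get(pkt.dst)
        if private is None:
            return pkt
        self.flows[(pkt.src, pkt.sport, private, pkt.dport)] = pkt.dst
        return replace(pkt, dst=private)

    def reply(self, pkt):
        """Restore the public address as source so the private one stays hidden."""
        public = self.flows.get((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        if public is None:
            return pkt  # no tracked flow: this model leaves the packet untouched
        return replace(pkt, src=public)

def has_return_route(routes, client_ip):
    """True if the wired side has a route covering the wireless client."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net) for net in routes)

def demo():
    nat = DestinationNat({"10.1.1.1": "192.168.1.10"})
    request = Packet("172.16.5.20", "10.1.1.1", 49152, 80)  # constructed sample
    to_server = nat.inbound(request)
    # The server answers the unchanged source address, so it needs a route to it.
    from_server = Packet(to_server.dst, to_server.src, to_server.dport, to_server.sport)
    to_client = nat.reply(from_server)
    return to_server, to_client

if __name__ == "__main__":
    print(demo())
```

Because the server sees the station's real source address, `has_return_route` is the check to run against the wired network's routing table before relying on the rule.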