WESM zl Management and Configuration Guide WT.01.28 and greater
8-13
Configuring Network Address Translation (NAT)
Planning the NAT Configuration
Planning the NAT Configuration
Before you access the Security > NAT screen and begin to set up NAT for your
wireless network, you should plan your configuration:
1. Consider your company’s network topology and security needs and determine
the requirements for NAT.
In other words, which NAT methods do you need to configure, and which traffic
should be translated.
2. Record the IP addresses necessary for your NAT configuration.
3. If you are using dynamic NAT, configure the necessary standard ACLs.
The following sections outline these steps in more detail.
Consider Your Company’s Requirements for NAT
The Wireless Edge Services zl Module supports a variety of options for NAT. Use
the following scenarios to determine which options you must configure:
■ You want to assign wireless stations to VLANs reserved for wireless traffic
(either for security or to conserve IP addresses on your LAN or both). All
wireless stations will share a single IP address in your LAN—an address used
by the Wireless Edge Services zl Module.
Assign the WLAN to a VLAN not used in the Ethernet network. Use DHCP to
assign addresses to wireless stations in that VLAN. (See Chapter 6: “IP Ser-
vices—IP Settings, DHCP, and DNS.”)
Define the VLAN in which the Wireless Edge Services zl Module places wireless
traffic as an inside VLAN and configure dynamic NAT on inside traffic. Or,
define the VLAN as an outside VLAN and configure dynamic NAT on outside
traffic. (For the exact configuration steps, see “Configuring Dynamic NAT” on
page 8-24.)
■ You want to prepare wireless traffic for transmission on the Internet.
This scenario is similar that above. Define VLANs associated with wireless
traffic as inside VLANs and configure dynamic NAT on inside traffic. Make sure
that your Wireless Edge Services zl Module has a valid public IP address and
can reach your Internet Service Provider’s (ISP’s) router.