WESM zl Management and Configuration Guide WT.01.28 and greater

8-17

Configuring Network Address Translation (NAT)

Planning the NAT Configuration

Planning the Configuration for Static NAT

For static NAT, you manually specify the IP address and port settings within each

NAT configuration. You must configure a separate static definition specifically for

each IP address that your Wireless Edge Services zl Module must translate.

Before configuring static destination NAT for traffic destined to network servers,

collect the following information:

■ the IP address that you want to advertise to wireless stations (through, for

example, a DNS server)

This will be the original destination address (local address) for incoming packets.

■ the destination port for traffic that will be subject to NAT (local port) and the

corresponding protocol (TCP or UDP)

This setting is for port translation, which enables multiple internal servers to

share one advertised IP address. For example, the Wireless Edge Services zl

Module can select traffic destined to:

• a Web server on port 80

• an FTP server on port 21

■ the internal device’s IP address on your LAN

This will be the translated destination address (global address).

■ the translated destination port (global port)

This setting is also optional. If you do not specify this port, the module forwards

traffic to the destination port on which it arrived.

To configure static source NAT, you must know:

■ the local address to which the module must apply NAT

■ the global address to which the module should translate the original address

You can optionally specify a new source port for the translated traffic.

In Figure 8-8, for example, the company wants to conceal the actual IP address of its

Web server—192.168.1.25. The company has also set up its Web server to use a

different port—port 51000. For this implementation, you must configure destination

NAT with port translation.