WESM zl Management and Configuration Guide WT.01.28 and greater
Introduction
ProCurve Wireless Edge Services zl Module
NAT. NAT, another function the Wireless Edge Services zl Module’s firewall offers,
modifies addresses in packets’ IP headers. The module supports NAT on both source
addresses and destination addresses.
The Wireless Edge Services zl Module has the following capabilities:
■ Dynamic source NAT with port mapping—The module translates multiple
source addresses to a single new address, which is one of the module’s own IP
addresses. Although every NATed packet has the same new source address, the
module assigns each session a different source port. The module then maintains
a table that maps each source port to the correct original address, allowing the
module to forward return traffic to its destination.
■ Static source NAT with optional port translation—The module translates a
single source IP address to a single new address.
Typically, the address after translation is an IP address that is assigned to the
Wireless Edge Services zl Module. However, you can use a different IP address
as long as it is not assigned to another device. If you choose not to use one of
the module’s IP addresses, you must configure proxy ARP so that the module
can respond to ARP requests for the NATed IP address.
You can optionally configure the module to translate the packet’s source port to
a new port.
■ Static destination NAT with port forwarding and optional port translation—The
module translates packets destined to a specific IP address (typically
one of the module’s own) to a new IP address. It then forwards the traffic toward
the new destination.
Port forwarding allows the module to differentiate between traffic sent to the
same IP address but different ports. For example, port forwarding can translate
a packet sent to the module’s public IP address on the HTTP port (80) to one IP address
but translate a packet sent to the FTP port (21) to a different address. Port
forwarding allows multiple servers to share the same public IP address.
Port translation, an additional option, allows the Wireless Edge Services zl
Module to translate the destination port as well as the destination IP address. For
example, the module can receive an HTTP packet on port 80 and change its
destination to a Web server that uses the private port 55000.
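The three translation behaviors described above, modeled as an added Python example (not code from this guide or from the module itself). The class and function names, the sample addresses, and the starting port 20000 are assumptions made for illustration; ports 80, 21, and 55000 are the ones used in the text.

```python
# Added illustration: a toy model of the NAT tables described above.
# All addresses are constructed sample values, not module defaults.
from itertools import count

class NatModel:
    def __init__(self, module_ip, first_port=20000):
        self.module_ip = module_ip
        self._next_port = count(first_port)  # next unused translated source port
        self.sessions = {}     # translated port -> (original ip, original port)
        self._by_source = {}   # (original ip, original port) -> translated port
        self.forwards = {}     # (public ip, port) -> (server ip, server port)

    def source_nat(self, src_ip, src_port):
        """Dynamic source NAT with port mapping: shared address, one port per session."""
        key = (src_ip, src_port)
        if key not in self._by_source:
            port = next(self._next_port)
            self._by_source[key] = port
            self.sessions[port] = key
        return self.module_ip, self._by_source[key]

    def return_traffic(self, dst_port):
        """Look up the original host for a reply sent to a translated port."""
        return self.sessions.get(dst_port)

    def add_forward(self, public_ip, public_port, server_ip, server_port=None):
        """Static destination NAT; server_port=None means no port translation."""
        self.forwards[(public_ip, public_port)] = (server_ip, server_port or public_port)

    def destination_nat(self, dst_ip, dst_port):
        """Translated destination, or None when this model has no matching rule."""
        return self.forwards.get((dst_ip, dst_port))

def demo():
    nat = NatModel("192.0.2.1")
    a = nat.source_nat("10.1.1.10", 40000)
    b = nat.source_nat("10.1.1.11", 40000)  # same source port, different host
    nat.add_forward("192.0.2.1", 80, "10.2.2.80", 55000)  # with port translation
    nat.add_forward("192.0.2.1", 21, "10.2.2.21")         # port forwarding only
    return {
        "a": a, "b": b,
        "reply_to_b": nat.return_traffic(b[1]),
        "http": nat.destination_nat("192.0.2.1", 80),
        "ftp": nat.destination_nat("192.0.2.1", 21),
        "unmapped": nat.destination_nat("192.0.2.1", 23),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Both sample hosts leave with the same source address but different source ports, which is what lets the session table route each reply to the right host.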
You can learn more about these capabilities, including how to enable them, in
Chapter 8: “Configuring Network Address Translation (NAT).” The section below
gives some examples of when to use NAT.
Uses for NAT. Typically, NAT works at the interface between two networks
controlled by separate entities. For example, you are probably familiar with how NAT
functions on the Internet. The NAT device sits between your private network and the
Internet. It intercepts packets sent from the private network to the Internet, changing