WESM zl Management and Configuration Guide WT.01.28 and greater

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

591

592

593

594

595

596

597

598

599

600

8-26

Configuring Network Address Translation (NAT)

Configuring NAT

3. In the NAT Interface field, use the drop-down menu to select the type of interfaces

to which the module applies NAT:

• Inside (Private)—traffic that arrives from the inside network

In other words, inside NAT applies to incoming traffic on an inside interface;

typically, the inside traffic should be bound to the outside network.

Internal addresses are those that you are trying to adjust for, or to conceal

from, the outside world, so you will usually select this option for dynamic

source NAT.

• Outside (Public)—traffic that arrives from the outside network

In other words, incoming traffic on an outside interface.

4. In the NAT Address Type field, leave the setting at Source (the only option

permitted for dynamic translation).

The Wireless Edge Services zl Module translates the source addresses of selected

traffic.

5. In the Access List field, use the drop-down menu to select the ACL that you

configured to select traffic.

This ACL should permit the source addresses that you want to translate. For

inside dynamic NAT, the ACL should select inside addresses as they appear

locally (on the inside network). When using outside dynamic NAT, choose an

ACL that selects outside address as they appear on the outside network. For

example, if your outside network is a publicly used wireless network, the ACL

should select traffic from the IP addresses assigned to wireless stations.

6. From the Interface drop-down menu, select one of the module’s VLAN inter-

faces.

The Wireless Edge Services zl Module translates the source addresses to the IP

address on the specified interface. Ethernet interfaces are named vlan1, vlan2,

and so on.

If you are configuring dynamic NAT on traffic from wireless stations, make sure

to choose an interface that is tagged on the module’s uplink port. In this way,

return traffic from the wired network can reach the wireless stations.

The interface you select is sometimes called the overloaded interface because

many devices share its IP address.

7. Click the OK button.

The definition for dynamic translation is now listed on the Security > NAT > Dynamic

Translation screen. Remember: the translation does not take effect unless you define

an interface as the type on which you configured dynamic NAT. (See “Defining

Interfaces as Outside or Inside” on page 8-22.)