09-10-2012, 03:38 PM
Network Address Translation
You can configure an HP routing switch to perform standard Network Address Translation (NAT). NAT enables private IP networks that use nonregistered IP addresses to connect to the Internet. Configure NAT on the HP device at the border of an inside network and an outside network (such as the Internet). NAT translates the internal local addresses to globally unique IP addresses before sending packets to the outside network. NAT also allows a more graceful renumbering strategy for organizations that are changing service providers or voluntarily renumbering into Classless Interdomain Routing (CIDR) blocks.
Use NAT to translate your private (inside) IP addresses into globally unique (outside) IP addresses when communicating outside of your network.
• The inside NAT interface is connected to the private addresses.
• The outside NAT interface is connected to the Internet.
The inside NAT interface in Figure 11.1 uses the address pool 209.157.1.2/24 – 209.157.1.254/24 to map the private addresses to public addresses for traffic initiated by hosts in the 10.10.10.x/24 subnet.
You can configure the following types of NAT:
• Dynamic NAT – Dynamic NAT maps private addresses to Internet addresses drawn from a pool of global addresses that you configure. In the example in Figure 11.1, the pool is the range of addresses from 209.157.1.2/24 – 209.157.1.254/24. The software uses a round-robin technique to select the global IP address from the pool that it maps to a private address.
• Static NAT – Static NAT maps a particular global IP address to a particular private address. Use static NAT when you want to ensure that the software always maps the same global address to a given private address. For example, use static NAT when you want specific hosts in the private network to always use the same Internet address when communicating outside the private network.
Port Address Translation
Normally, NAT maps each private address that needs to be routed to the outside network to a unique IP address from the pool. However, it is possible for the global address pool to have fewer addresses than the number of private addresses. In this case, you can configure the HP device to use Port Address Translation. Port Address Translation maps a client’s IP address and TCP or UDP port number to both an IP address and a TCP or UDP port number. In this way, the HP device can map many private addresses to the same public address and use TCP or UDP port numbers to uniquely identify the private hosts.
Configuring NAT
To configure NAT, perform the following tasks:
• Configure the static address mappings, if needed. Static mappings explicitly map a specific private address to a specific Internet address to ensure that the addresses are always mapped together. Use static address mappings when you want to ensure that a specific host in the private network is always mapped to the Internet address you specify.
• Configure dynamic NAT parameters:
    • Configure a standard or extended ACL for each range of private addresses for which you want to provide NAT.
    • Configure a pool for each consecutive range of Internet addresses to which you want NAT to be able to map the private addresses specified in the ACLs. Each pool must contain a range with no gaps. If your Internet address space has gaps, configure separate pools for each consecutive range within the address space.
    • Associate a range of private addresses (specified in a standard or extended ACL) with a pool.
    • Optionally, enable the Port Address Translation feature. Use this feature if you have more private addresses that might need NAT than the Internet address pools contain.
• Enable inside NAT on the interface connected to the private addresses.
• Enable outside NAT on the interface connected to global addresses. The configuration does not take effect until you enable inside and outside NAT on specific interfaces.
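The static, dynamic (round-robin pool) and Port Address Translation behaviours described above can be compared in a small Python model. This is an added example, not HP's implementation or code from the original post; the class name, the starting PAT port 1024 and the per-flow port allocation are assumptions made for illustration.

```python
from ipaddress import IPv4Address

class NatModel:
    """Simplified model of inside-source NAT (illustrative, not the HP software)."""
    def __init__(self, pool_first, pool_last, static=None, pat=False):
        lo, hi = int(IPv4Address(pool_first)), int(IPv4Address(pool_last))
        self.pool = [str(IPv4Address(n)) for n in range(lo, hi + 1)]  # no gaps
        self.static = dict(static or {})  # private IP -> fixed global IP
        self.pat = pat
        self.hosts = {}        # dynamic one-to-one: private IP -> global IP
        self.flows = {}        # PAT: (private IP, port) -> (global IP, port)
        self.rr = 0            # round-robin cursor into the pool
        self.next_port = 1024  # assumed first translated port for PAT

    def _next_global(self):
        addr = self.pool[self.rr % len(self.pool)]
        self.rr += 1
        return addr

    def translate(self, src_ip, src_port):
        """Return the (global IP, port) for an outbound packet, or None."""
        if src_ip in self.static:              # static entries always win
            return self.static[src_ip], src_port
        if self.pat:                           # many hosts share one address
            key = (src_ip, src_port)
            if key not in self.flows:
                self.flows[key] = (self._next_global(), self.next_port)
                self.next_port += 1
            return self.flows[key]
        if src_ip not in self.hosts:           # one global address per host
            in_use = set(self.hosts.values())
            if len(in_use) == len(self.pool):
                return None                    # pool exhausted and PAT is off
            addr = self._next_global()
            while addr in in_use:
                addr = self._next_global()
            self.hosts[src_ip] = addr
        return self.hosts[src_ip], src_port

    def reverse(self, global_ip, global_port):
        """Map a global (IP, port) back to the private endpoint, or None."""
        for key, mapped in self.flows.items():
            if mapped == (global_ip, global_port):
                return key
        for ip, addr in {**self.hosts, **self.static}.items():
            if addr == global_ip:
                return ip, global_port
        return None
```

With PAT enabled, `reverse()` needs the translated port as well as the global address to identify the private host, which is why logs used to attribute outbound traffic must record both.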