Configuring Network Address Translation (NAT)

Size: px
Start display at page:

Download "Configuring Network Address Translation (NAT)"

Transcription

1 8 Configuring Network Address Translation (NAT) Contents Overview Translating Between an Inside and an Outside Network Local and Global Addresses NAT Implementation Methods Dynamic, or Many-to-One, NAT Dynamic NAT for Wireless Traffic Dynamic NAT for Wired Traffic Port Address Translation for Dynamic NAT Static, or One-to-One, NAT Static NAT on Destination Addresses Using Port Forwarding with Static Destination NAT Static NAT on Source Addresses Understanding Local and Global Addresses Planning the NAT Configuration Consider Your Company s Requirements for NAT Record Necessary IP Addresses and Select the NAT Implementation Method Planning the Configuration for Dynamic NAT Planning the Configuration for Static NAT Configuring Standard ACLs for Dynamic NAT Configuring NAT Defining Interfaces as Outside or Inside Configuring Dynamic NAT

2 Contents Configuring Static Translation Configuring Static Source NAT Configuring Static Destination NAT Viewing NAT Status

3 Overview Overview You can configure the ProCurve Wireless Edge Services xl Module to perform Network Address Translation (NAT) on traffic routed between two subnetworks typically, traffic exchanged between the wireless and the wired network. The module can translate either the source or the destination IP address in a packet s IP header to a new address. The Wireless Edge Services xl Module allows you to implement NAT in several different ways. For example, you can configure the module to use a single IP address as the source address for an entire group of wireless stations when these stations transmit data to a wired network. This implementation of NAT allows users whose wireless stations have private IP addresses to access the Internet using one public IP address. NAT also adds another layer of security by concealing the actual IP addresses of wireless devices from users in the wired network. Translating Between an Inside and an Outside Network When implementing NAT, the Wireless Edge Services xl Module distinguishes between an inside and an outside network, and implements NAT at the border between the two networks. When you configure NAT, you define the inside and outside networks by specifying if a given virtual LAN (VLAN) interface is inside or outside. For example, in Figure 8-1, wireless LAN (WLAN) A is assigned to VLAN 8, which has been defined as an inside interface. On the other hand, VLAN 4, which is used in the Ethernet LAN, is defined an outside interface. The setting you select for a particular VLAN either inside or outside depends on how you implement NAT. (The options for implementing NAT are described in NAT Implementation Methods on page 8-5.) 8-3

4 Overview Figure 8-1. Dividing Interfaces into Inside and Outside Interfaces The Wireless Edge Services xl Module always performs NAT on traffic as the traffic arrives on an interface. Because the module can apply NAT to both inside and outside interfaces, it can perform NAT in both directions. Note When the Wireless Edge Services xl Module maps wireless traffic to a VLAN, that traffic is considered to have arrived on the VLAN interface. Local and Global Addresses In addition to identifying inside and outside networks, the Wireless Edge Services xl Module distinguishes between an IP address as it appears before and after translation. The Web browser interface and the command line interface (CLI) use two terms to make this distinction: local IP address the IP address as it appears before translation global IP address the IP address as it appears after translation As mentioned earlier, the Wireless Edge Services xl Module translates the IP address in a packet s IP header. Depending on how you implement NAT, the module can translate a packet s source IP address or its destination IP address. 8-4

5 NAT Implementation Methods Configuring Network Address Translation (NAT) Overview On the Wireless Edge Services xl Module, you can configure: dynamic NAT static NAT Dynamic NAT affects only source IP addresses while static NAT can translate either source or destination IP addresses. Dynamic, or Many-to-One, NAT Perhaps the most common implementation of NAT is dynamic NAT, sometimes called many-to-one NAT because it allows multiple stations to share the same IP address after translation. Dynamic NAT applies only to source IP addresses. You define dynamic NAT using the following specifications: access control lists (ACLs), which select the source IP addresses of traffic on which the Wireless Edge Services xl Module performs NAT a Wireless Edge Services xl Module interface, which defines the IP address to which the source address is translated This NAT method is considered dynamic because when you modify an ACL or interface, the corresponding NAT definition is modified accordingly. You can apply dynamic NAT to traffic that arrives on inside interfaces, on outside interfaces, or on both. The sections below discuss some uses for dynamic NAT for wireless traffic and for wired traffic. (Whether configuring NAT on wireless traffic requires inside or outside NAT depends on how you define the VLAN interface in which the module places wireless traffic.) Dynamic NAT for Wireless Traffic Implementing dynamic NAT on wireless traffic allows you to create VLANs for wireless traffic only. The Wireless Edge Services xl Module assigns WLAN traffic to a VLAN reserved for wireless stations; its internal DHCP server issues wireless stations IP addresses in this VLAN. Before routing wireless traffic into the Ethernet network, the module translates these local DHCP addresses to an IP address valid in the wired network the module s own. This implementation also has the advantage of conserving IP addresses: instead of each wireless station having its own IP address that is valid in the wired network, all wireless stations share the Wireless Edge Services xl Module s address. 8-5

6 Overview Figure 8-2 illustrates this configuration, which allows wireless stations to use IP addresses local to the wireless network but still to open sessions with servers in the Ethernet network. Figure 8-2. Dynamic Source NAT on Wireless Traffic You can also implement NAT on the module to ready wireless traffic for transmission to the Internet if you do not have another device that does so. Many companies have only one public IP address although they have many employees who need Internet access. With dynamic NAT, all these employees can share one IP address. When users on the company s wireless network send requests to the Internet, the Wireless Edge Services xl Module translates the senders local IP addresses to a global address the module s IP address in the wired network. After translating packets source IP addresses, the module forwards the requests onto the Ethernet network and toward the Internet. Dynamic NAT for Wired Traffic You can configure dynamic NAT for traffic bound from the wired network to the wireless network. In this case, the Wireless Edge Services xl Module translates wired devices IP addresses to one of the module s own IP addresses. 8-6

7 Overview You might use dynamic NAT on wired traffic when your wireless network receives a great deal of public traffic. You can then conceal the IP addresses of devices in your private network from the wireless users. (See Figure 8-3.) Figure 8-3. Dynamic Source NAT Again, whether you apply dynamic NAT to inside or outside traffic depends on how you have defined interfaces. In this example, you have defined the VLAN used in the wired network as an outside interface, so you configure outside dynamic NAT. If you want to allow wireless users to access internal servers, you must configure destination NAT to translate the publicly known IP address back to the servers internal addresses. (See Static NAT on Destination Addresses on page 8-8.) In fact, instead of configuring dynamic source NAT to conceal private addresses, you might want to configure only destination NAT. The Wireless Edge Services xl Module automatically performs source NAT on the traffic returning from the server. Port Address Translation for Dynamic NAT To enable multiple users to share one IP address, the Wireless Edge Services xl Module uses port address translation in conjunction with NAT. When the module translates a local IP address to a global address, it assigns each local address a unique port number, as shown in Table

8 Overview The Wireless Edge Services xl Module uses this port number to forward return traffic, which is destined to the single global IP address, to the correct local IP address. For example, Table 8-1 lists possible IP address for the network shown in Figure 8-3. In this case, the module translates all inside addresses (in the /24 subnetwork) to If a packet arrives for on port 4001, the module knows to forward the packet toward the station at Table 8-1. Information Recorded in a Port-Mapping Table for a Sample Network Local IP Address Translated (Global) IP Address Translated Port Destination IP Address Destination Port Static, or One-to-One, NAT You can also configure static definitions for NAT. In this case, you manually specify the following information for each one-to-one NAT: the IP address (and optionally, port) that should be translated the IP address (and optionally, port) that should replace the original address The Wireless Edge Services xl Module can perform static translation on both source IP addresses and destination IP addresses. In addition, it can apply NAT to traffic inbound from the inside network or from the outside network. Static NAT on Destination Addresses One reason to use destination NAT is to allow wireless users to access servers on your internal LAN, while still concealing the servers IP addresses. This use is particularly important when you open your wireless network to the public. Because this wireless network is much like the Internet filled with untrusted users you should implement the same types of security measures that you put in place for users who access your network from the Internet. 8-8

9 Overview Configure destination NAT to allow wireless users to send traffic toward a server s publicly known address. The Wireless Edge Services xl Module translates the traffic s destination address to the correct local address. When the server replies, the module automatically translates the source address back to the address to which the traffic was originally destined, and the private address remains concealed. For example, your company may have a Web server or an FTP server, which is housed on your internal LAN. To access this server, wireless users enter a URL, which is resolved through a Domain Name System (DNS) server to a public IP address. When your Wireless Edge Services xl Module receives a packet destined to this address, it translates the destination IP address and forwards the packet toward the correct internal device. For example, in Figure 8-4, a Web server on the internal LAN has an IP address of However, the IP address to which wireless stations send traffic is When the ProCurve Wireless Edge Services xl Module receives packets with the destination address of , it translates the destination address to the private IP address of the Web server: The source IP address is not affected. (See Figure 8-4.) Therefore, you must ensure that devices in the wired network can route traffic back to the subnetwork used in the wireless network. Figure 8-4. Outside Destination NAT 8-9

10 Overview One principle to remember: on the Wireless Edge Services xl Module, you define which VLANs are inside interfaces and which are outside. Figure 8-4 shows a configuration in which the VLAN used in the Ethernet network is an outside interface. So you configure the destination NAT on inside interfaces (these interfaces receive traffic that is destined to the outside VLAN). As mentioned earlier, you can apply destination NAT to traffic from both the inside and the outside network. In theory, you could also apply destination NAT to traffic being sent from the wired network to the wireless network. However, destination NAT is typically used to allow servers to share a public IP address and to conceal their private addresses. Your wireless network is unlikely to include such servers, so you would probably set up destination NAT in one direction. Using Port Forwarding with Static Destination NAT The Wireless Edge Services xl Module also supports port forwarding for static destination NAT. Port forwarding allows two or more devices on a network to share a single IP address known in the other network. For example, you could have wireless users send traffic that is destined to two different servers to the same IP address: your LAN s Web server your LAN s FTP server The Wireless Edge Services xl Module would then translate the destination IP addresses of all traffic destined to port 80 to the Web server s private IP address (the address on wired network). Likewise, the module would translate all traffic destined to port 21 to the FTP server s private IP address. 8-10

11 Overview Figure 8-5. Outside Destination NAT with Port Forwarding When the module translates the destination IP address, it can also perform port translation, assigning the traffic to the particular port used by the destination device. 8-11

12 Overview Static NAT on Source Addresses Static source NAT is an alternative to dynamic source NAT. However, instead of allowing many stations to share one global address, static source NAT sets up a one-to-one correspondence between a particular IP address and a translated IP address. Use this option only when relatively few devices in one network (inside or outside) need to access devices in the other network. Understanding Local and Global Addresses When you configure NAT on the Wireless Edge Services xl Module, you define a local address and a global address. As mentioned earlier, the local address is the pre-translation address. For source NAT, the local address is always the IP address assigned to the device for the network in which the device resides. In Figure 8-6, the local address is any address used by a device in WLAN A the /24 subnetwork. Figure 8-6. Local Addresses However, for destination NAT, the local address is actually the address as it appears across the border between inside and outside. This is because packets, pre-translation, are destined to the IP address that the originating station knows for the destination device, not the destination s actual IP address. In Figure 8-5 on page 8-11, for example, the local address is

13 Overview Table 8-2 summarizes this terminology. Table 8-2. Terminology for IP Addresses According to NAT Implementation NAT Interface Type (Inside or Outside) NAT Address Type Address Explanation of Address Inside Source Local An inside station s IP address as it appears on the inside network Inside Source Global An inside station s IP address as it appears on the outside network Inside Destination Local An outside station s IP address as it appears on the inside network Inside Destination Global An outside station s IP address as it appears on the outside network Outside Source Local An outside station s IP address as it appears on the outside network Outside Source Global An outside station s IP address as it appears on the inside network Outside Destination Local An inside station s IP address as it appears on the outside network Outside Destination Global An inside station s IP address as it appears on the inside network 8-13

14 Planning the NAT Configuration Planning the NAT Configuration Before you access the Security > NAT screen and begin to set up NAT for your wireless network, you should plan your configuration: 1. Consider your company s network topology and security needs and determine the requirements for NAT. In other words, which NAT methods do you need to configure, and which traffic should be translated. 2. Record the IP addresses necessary for your NAT configuration. 3. If you are using dynamic NAT, configure the necessary standard ACLs. The following sections outline these steps in more detail. Consider Your Company s Requirements for NAT The Wireless Edge Services xl Module supports a variety of options for NAT. Use the following scenarios to determine which options you must configure: You want to assign wireless stations to VLANs reserved for wireless traffic (either for security or to conserve IP addresses on your LAN or both). All wireless stations will share a single IP address in your LAN an address used by the Wireless Edge Services xl Module. Assign the WLAN to a VLAN not used in the Ethernet network. Use DHCP to assign addresses to wireless stations in that VLAN. (See Chapter 6: IP Services IP Settings, DHCP, and DNS.) Define the VLAN in which the Wireless Edge Services xl Module places wireless traffic as an inside VLAN and configure dynamic NAT on inside traffic. Or, define the VLAN as an outside VLAN and configure dynamic NAT on outside traffic. (For the exact configuration steps, see Configuring Dynamic NAT on page 8-24.) You want to prepare wireless traffic for transmission on the Internet. This scenario is similar that above. Define VLANs associated with wireless traffic as inside VLANs and configure dynamic NAT on inside traffic. Make sure that your Wireless Edge Services xl Module has a valid public IP address and can reach your Internet Service Provider s (ISP s) router. 8-14

15 Planning the NAT Configuration You want to conceal IP addresses used in your LAN from wireless users. Separate the VLANs for wired traffic from the VLANs for wireless traffic: When you specify the uplink VLANs in which the Wireless Edge Services xl Module places traffic from WLANs, choose different VLANs from those already used in the wired network. Next, define the wired VLANs as inside interfaces and define the wireless VLANs as outside interfaces. Configure static destination NAT on outside traffic. Each static destination NAT definition allows you to map a global IP address and destination port to a particular address used in your internal network, typically that of network servers. Create a different NAT definition for each server in the Ethernet network that users in the wireless network must access. Note The Wireless Edge Services xl Module performs at most one type of NAT on a packet. Therefore, you should typically configure source NAT for either inside or outside interfaces. For example, your internal (wired) network might use VLAN 2, and the module might perform dynamic source NAT on all traffic from that VLAN, translating the addresses used on the Ethernet network to the module s address on the wireless network. You might also configure static destination NAT for wireless traffic destined to certain wired servers. Configuring dynamic NAT for wireless traffic would have no effect on traffic destined to the wired resources: when the module translates an outside packet s destination address, it does not apply dynamic NAT. Because wireless traffic enters the Ethernet network with its source address unchanged, the Ethernet infrastructure devices must know routes to the subnetwork for wireless traffic. Record Necessary IP Addresses and Select the NAT Implementation Method As part of your NAT planning, you should record: local address the address or addresses that will be translated global address the address that will replace the local address when the module applies NAT 8-15

16 Planning the NAT Configuration You should also determine which NAT implementation method you are using. For example, if you want to conserve IP addresses on your LAN, you will probably decide to use dynamic NAT on inside traffic. If you want to allow wireless users access to private Web or FTP servers with concealed IP addresses, you will use static NAT. Planning the Configuration for Dynamic NAT If you are using dynamic NAT, you must use ACLs to specify which traffic the Wireless Edge Services xl Module NATs. Consider which IP addresses these ACLs should select. For example, if you want to NAT all traffic from wireless stations in a particular WLAN, you can create an ACL that permits any IP address and specifies that particular WLAN. You may want the Wireless Edge Services xl Module to NAT traffic from wireless stations before that traffic enters your wired network. In this case, you would first configure the module to place wireless stations in a particular VLAN and act as a DHCP server, assigning the stations IP addresses in a corresponding subnet. Before the module forwarded this traffic to the wired network, it would NAT the traffic to a single IP address, as shown in Figure 8-7. Figure 8-7. Dynamic NAT on a Sample Network 8-16

17 Planning the NAT Configuration For this NAT implementation, you would record the IP addresses specified in the DHCP pool and configure an ACL that selects those addresses. Table 8-3 lists the actual IP addresses that you would record for the sample network shown in Figure 8-7. Table 8-3. Recording Addresses for Dynamic NAT on a Sample Network NAT Interface Type (Inside or Outside) NAT Address Type Local or Global Address Recorded Addresses for the Sample Network Inside Source Local (stations IP addresses as they appear on the wireless network) Inside Source Global (IP address for all stations as it appears on the wired network) /24 subnetwork assigned through DHCP and specified in an ACL module s vlan 1 IP address Planning the Configuration for Static NAT For static NAT, you manually specify the IP address and port settings within each NAT configuration. You must configure a separate static definition specifically for each IP address that your Wireless Edge Services xl Module must translate. Before configuring static destination NAT for traffic destined to network servers, collect the following information: the IP address that you want to advertise to wireless stations (through, for example, a DNS server) This will be the original destination address (local address) for incoming packets. the destination port for traffic that will be subject to NAT (local port) and the corresponding protocol (TCP or UDP) This setting is for port translation, which enables multiple internal servers to share one advertised IP address. For example, the Wireless Edge Services xl Module can select traffic destined to: a Web server on port 80 an FTP server on port 21 the internal device s IP address on your LAN This will be the translated destination address (global address). the translated destination port (global port) This setting is also optional. If you do not specify this port, the module forwards traffic to the destination port on which it arrived. 8-17

18 Planning the NAT Configuration To configure static source NAT, you must know: the local address to which the module must apply NAT the global address to which the module should translate the original address You can optionally specify a new source port for the translated traffic. In Figure 8-8, for example, the company wants to conceal the actual IP address of its Web server The company has also set up its Web server to use a different port port For this implementation, you must configure destination NAT with port translation. Figure 8-8. Outside Destination NAT with Port Translation on a Sample Network In Figure 8-8, the VLAN for wireless stations is the inside interface, so the Web server is an outside device. Therefore you must set up inside destination NAT. You could alternatively define the Web server s VLAN as the inside interface, in which case you would configure outside destination NAT. When you record the local address for destination NAT, identify the destination device s IP address as it appears on the source network. On the wireless network, the Web server s IP address appears to be For this sample network, you would record for the local address, as shown in Table

19 Planning the NAT Configuration When you record the global address for destination NAT, identify the inside device s IP address as it appears in the destination network. For the sample network, the Web server s actual IP address is You would, therefore, record as the global address. Because the sample network is also using port address translation, you should record the port for the translated traffic, as shown in Table 8-4. Table 8-4. Recording Addresses for Outside Destination NAT NAT Interface Type NAT Address Type Local or Global Address Local or Global Port Recorded Addresses for the Sample Network Recorded Ports for the Sample Network Inside Destination Local (outside device s IP address as it appears on the inside network) Inside Destination Global (outside device s IP address as it appears on the outside network) Local (port to which the inside devices originally send traffic) Global (port used by the outside device)

20 Configuring Standard ACLs for Dynamic NAT Configuring Standard ACLs for Dynamic NAT To configure dynamic translation, you use a standard ACL to select the IP addresses that the Wireless Edge Services xl Module NATs. Although you can use any ACL that you have configured, you will probably want to configure ACLs to meet the specific requirements for your NAT implementation. Remember that depending on the types of NAT you are configuring, you might need to create several ACLs. If your module will NAT both inside and outside traffic, you must create one ACL to select IP addresses used in the inside network and one ACL that selects addresses used in the outside network. To create ACLs, use the procedure documented in Chapter 7: Access Control Lists (ACLs). For NAT, you must create a standard IP ACL. To add rules to the ACL, use the screen shown in Figure 8-9. Figure 8-9. Add Rule Screen for Standard IP ACLs 8-20

21 Configuring Standard ACLs for Dynamic NAT The full procedure for adding rules to ACLs is documented in Chapter 7: Access Control Lists (ACLs). The following rule guidelines apply to ACLs used for NAT: In the Operation field, the permit operation means that traffic will be subject to NAT; the deny operation means that traffic will not be subject to NAT. (The mark operation does not apply to NAT.) The entries in the Filters area specify the source IP address or range of source IP addresses for which NAT will be either permitted or denied. (The Wlan Index entry is optional.) For example, to NAT all traffic that arrives from the wireless network, you would set up a permit any rule. Or, to NAT all traffic from a particular subnet, the rule would specify the subnet s IP address and subnet mask. For example, you might have mapped a particular WLAN to a VLAN, and then set up a DHCP pool for that VLAN on the Wireless Edge Services xl Module. To apply NAT to all of the wireless stations that have been assigned addresses in that VLAN, specify the VLAN s subnet IP address and mask. After you have created ACLs and added rules to them, you can select those ACLs when you set up NATs using dynamic translation. (See Configuring Dynamic NAT on page 8-24.) 8-21

22 Configuring NAT Configuring NAT To configure NAT, follow these steps: 1. Enable routing. See IP Settings on page 6-3 of Chapter 6: IP Services IP Settings, DHCP, and DNS. 2. Define interfaces as inside or outside interfaces. When you create a NAT definition, you will select whether this definition applies to inside or outside traffic. To do so, you must know which Wireless Edge Services xl Module interfaces connect to inside networks and which to outside networks. See Defining Interfaces as Outside or Inside on page Configure one or both types of NATs: Dynamic translation based on ACLs, which permit or deny NAT based on IP addresses; as the ACL configuration changes, the NAT configuration changes as well. Static translation configured to specific IP addresses and ports; any configuration changes are made within the NAT configuration itself. Defining Interfaces as Outside or Inside NAT configurations have no effect until you map interfaces to NAT by defining particular interfaces as outside or inside. For example, when traffic arrives on an inside interface, the module applies the configurations created for inside NAT (as long as the traffic matches the specifications for that NAT definition). Note NAT applies to traffic that arrives on an interface. NAT does not affect traffic sent from an interface. To define an interface as outside or inside, complete these steps: 1. Select Security > NAT and click the Interfaces tab. 8-22

23 Configuring NAT Figure Security > NAT > Interfaces Screen 2. Click the Add button. The Add Interface screen is displayed. Figure Add Interface Screen 3. In the Interfaces field, use the drop-down menu to select an interface configured on the module. 8-23

24 Configuring NAT 4. In the Type field, use the drop-down menu to select either Inside (Private) or Outside (Public). 5. Click the OK button. The interface is now listed on the Security > NAT > Interfaces screen. Figure Interface Assignment in Security > NAT > Interfaces Screen Configuring Dynamic NAT For each NAT configuration that will use dynamic NAT, you must first set up an ACL. This ACL contains rules that select the source addresses for traffic to be translated. For information about creating this ACL, see Chapter 7: Access Control Lists (ACLs) and Configuring Standard ACLs for Dynamic NAT on page To configure dynamic translation, complete these steps: 1. Select Security > NAT and click the Dynamic Translation tab. 8-24

25 Configuring NAT Figure Security > NAT > Dynamic Translation Screen 2. Click the Add button. The Add Dynamic Translation screen is displayed. Figure Add Dynamic Translation Screen 8-25

26 Configuring NAT 3. In the NAT Interface field, use the drop-down menu to select the type of interfaces to which the module applies NAT: Inside (Private) traffic that arrives from the inside network In other words, inside NAT applies to incoming traffic on an inside interface; typically, the inside traffic should be bound to the outside network. Internal addresses are those that you are trying to adjust for, or to conceal from, the outside world, so you will usually select this option for dynamic source NAT. Outside (Public) traffic that arrives from the outside network In other words, incoming traffic on an outside interface. 4. In the NAT Address Type field, leave the setting at Source (the only option permitted for dynamic translation). The Wireless Edge Services xl Module translates the source addresses of selected traffic. 5. In the Access List field, use the drop-down menu to select the ACL that you configured to select traffic. This ACL should permit the source addresses that you want to translate. For inside dynamic NAT, the ACL should select inside addresses as they appear locally (on the inside network). When using outside dynamic NAT, choose an ACL that selects outside address as they appear on the outside network. For example, if your outside network is a publicly used wireless network, the ACL should select traffic from the IP addresses assigned to wireless stations. 6. From the Interface drop-down menu, select one of the module s VLAN or tunnel interfaces. The Wireless Edge Services xl Module translates the source addresses to the IP address on the specified interface. Ethernet interfaces are named vlan1, vlan2, and so on; GRE tunnel interfaces are named tunnel1, tunnel2, and so on. If you are configuring dynamic NAT on traffic from wireless stations, make sure to choose an interface that is tagged on the module s uplink port. In this way, return traffic from the wired network can reach the wireless stations. The interface you select is sometimes called the overloaded interface because many devices share its IP address. 7. Click the OK button. 8-26

27 Configuring NAT The definition for dynamic translation is now listed on the Security > NAT > Dynamic Translation screen. Remember: the translation does not take effect unless you define an interface as the type on which you configured dynamic NAT. (See Defining Interfaces as Outside or Inside on page 8-22.) Figure Dynamic NAT Configuration in the Security > NAT > Dynamic Translation Screen Configuring Static Translation Static translation sets up a one-to-one correspondence between a source or destination IP address and a translated IP address. The configuration steps depend on whether you configuring static source NAT or static destination NAT. 8-27

28 Configuring NAT Configuring Static Source NAT When the Wireless Edge Services xl Module stands between two networks that use different IP addresses, static source NAT allows a device in one network to reach devices in the other network. The module translates traffic s source address so that the device that sent the traffic appears to have a valid IP address in the other network. Note that the more typical configuration for source NAT is often dynamic NAT because it allows multiple devices to share the same translated IP address. To configure a static source translation, complete these steps: 1. Select Security > NAT and click the Static Translation tab. Figure Security > NAT > Static Translation Screen 2. Click the Add button. The Add Static Translation screen is displayed. 8-28

29 Configuring NAT Figure Add Static Translation Screen 3. In the NAT section, select the Interface Type and Address Type: a. The Interface Type determines to which interfaces the Wireless Edge Services xl Module applies the static NAT definition: Outside (Public) incoming traffic on an outside interface Inside (Private) incoming traffic on an inside interface b. For the Address Type, select Source The module translates the packet s source IP address. The correct settings depend, of course, on the goal of the NAT configuration and on how you have defined interfaces in your network. When you select Source for the Address Type, the Interface Type choice is relatively straightforward: choose Inside (Private) to apply NAT to inside devices and Outside (Public) to apply NAT to outside devices. See the Static, or One-to-One, NAT on page 8-8 and Planning the NAT Configuration on page 8-14 for more guidelines on choosing these settings. 4. In the Before Translation section, specify the IP address of traffic to which the module should apply NAT. a. In the Local Address field, enter the IP address to be translated. This address depends on the choices that you made in the NAT section. Refer to Table

30 Configuring NAT Table 8-5. Determining the IP Address for the Local Address Field Interface Type Address Type IP Address for the Local Address Field Inside (Private) Source IP address of an inside device as it appears on the inside network Outside (Public) Source IP address of an outside device as it appears on the outside network For example, for source NAT, enter the configured IP address assigned to a device in its own network. This address is typically allocated out of a private address space. b. The Local Port field is not available for source NAT. 5. In the After Translation section, specify the IP address to which the Wireless Edge Services xl Module should translate the source address: a. In the Global Address field, enter the IP address as it should appear after translation. See Table 8-6 for guidelines on specifying this address. Table 8-6. Determining the IP Address for the Global Address Field Interface Type Address Type IP Address for the Global Address Field Inside (Private) Source IP address of an inside device as it should appear on the outside network Outside (Public) Source IP address of an outside device as it should appear on the inside network Make sure to enter a valid IP address on this Wireless Edge Services xl Module. Select an address that is valid in the network to which the traffic is destined. For example, if you are configuring source NAT for a wireless device, enter an IP address on a VLAN tagged on the uplink. b. The Global Port field is not available for source NAT. The Wireless Edge Services xl Module automatically assigns a port to the translated packet. 6. Click the OK button. The static NAT definition is now listed on the Security > NAT > Static Translation screen. Remember: the translation does not take effect unless you define an interface as the type on which you configured static source NAT. (See Defining Interfaces as Outside or Inside on page 8-22.) 8-30

31 Configuring NAT Figure Static NAT Definition in the Security > NAT > Static Translation Screen Configuring Static Destination NAT Again, the Wireless Edge Services xl Module stands between two networks that use different IP addresses. Destination NAT allows clients in one network to open sessions with servers in the other network. You must configure destination NAT statically. To configure a static destination translation, complete these steps: 1. Select Security > NAT and click the Static Translation tab. 8-31

32 Configuring NAT Figure Security > NAT > Static Translation Screen 2. Click the Add button. The Add Static Translation screen is displayed. 8-32

33 Configuring NAT Figure Add Static Translation Screen 3. In the NAT section, select the Interface Type and Address Type: a. The Interface Type determines to which interfaces the Wireless Edge Services xl Module applies the static NAT definition: Outside (Public) incoming traffic on an outside interface Inside (Private) incoming traffic on an inside interface b. For the Address Type, select Destination the module translates the destination IP address in the IP header. The correct settings depend, of course, on the goal of the NAT configuration and on how you have defined interfaces in your network. Remember: destination NAT allows client traffic to reach servers at public IP address, and servers are typically in your wired network. If you define VLANs for wired servers as outside interfaces, you should define VLANs for wireless traffic as inside interfaces. Then select Destination for the Address Type and Inside(Private) for the Interface Type. On the other hand, you might define VLANs for wireless traffic as outside interfaces. In this case, select Destination for the Address Type and Outside(Public) for the Interface Type. In either case, NAT applies to traffic from wireless stations destined to wired servers. See the Static, or One-to-One, NAT on page 8-8 and Planning the NAT Configuration on page 8-14 for more guidelines on choosing these settings. 8-33

34 Configuring NAT 4. Select either TCP or UDP in the Protocol drop-down menu. This setting, which is available only for destination NAT, allows you to configure port forwarding. Choose the protocol for the application for which you are creating the NAT definition. For example, if you are setting up destination NAT to allow wireless stations to reach your Web server, select TCP. 5. In the Before Translation section, specify the IP address and port to the traffic to be translated is destined. a. In the Local Address field, enter the IP address to be translated. This address depends on the choices that you made in the NAT section. Refer to Table 8-5. Table 8-7. Determining the IP Address for the Local Address Field Interface Type Address Type IP Address for the Local Address Field Inside (Private) Destination IP address of an outside device as it appears on the inside network Outside (Public) Destination IP address of an inside device as it appears on the outside network For destination NAT, the local address is actually the IP address of a host as it appears to hosts in the opposite network. So if you are using destination NAT to translate wireless requests to a wired server, enter the address known in the wireless network (typically, the Wireless Edge Services xl Module s). b. In the Local Port field, enter the port to which the traffic to be translated is destined. Specify a number from 1 through 65,535. This setting is used for port forwarding and is available only when you select Destination for the Address Type. See Using Port Forwarding with Static Destination NAT on page 8-10 for more information. For example, you are setting up NAT for traffic inbound from a public wireless network to your internal FTP server. This traffic from the public network is destined to port 21, so you enter 21 in the Local Port field. 6. In the After Translation section, specify how the Wireless Edge Services xl Module should translate the IP header: a. In the Global Address field, enter the IP address as it should appear after translation. In other words, enter the actual IP address of the server to which the traffic is destined. 8-34

35 Configuring NAT See Table 8-6 for guidelines on specifying this address. Table 8-8. Determining the IP Address for the Global Address Field Interface Type Address Type IP Address for the Global Address Field Inside (Private) Destination IP address of an outside device on the outside network Outside (Public) Destination IP address on an inside device on the inside network In the example in which you are configuring destination NAT to allow public access to your company s FTP server, you would enter the FTP server s private address. b. In the Global Port field, enter the port to which the Wireless Edge Services xl Module should forward the traffic. This optional setting for destination NAT provides port translation. For example, traffic arrives for your internal Web server on its public IP address and the standard HTML port 80 (which you specify in the Local Port field of the Before Translation section). The module translates the traffic to the Web server s private address and a private port, selected by your company. Enter the private address in the Global Address field and the private port in the Global Port field. 7. Click the OK button. The static NAT definition is now listed on the Security > NAT > Static Translation screen. Remember: the translation does not take effect unless you define an interface as the type on which you configured static destination NAT. (See Defining Interfaces as Outside or Inside on page 8-22.) 8-35

36 Configuring NAT Figure Static NAT Definition in the Security > NAT > Static Translation Screen Viewing NAT Status To view current translations, select Security > NAT and click the Status tab. Alternatively, you can select Security and click the NAT Status tab. (See Figure 8-22.) 8-36

37 Configuring NAT Figure Security > NAT > Status Screen Each active session to which the Wireless Edge Services xl Module has applied NAT is displayed in a row. The screen columns show the IP addresses associated with the session: Inside-Global the source IP address as it appears in the destination device s network Inside-Local the source IP address as it appears in the source device s network Outside-Global the destination IP address as it appears in the destination device s network Outside-Local the destination IP address as it appears in the source device s network For example, if you have configured dynamic source NAT on inside traffic, the Inside-Local column lists the IP address of the source device in the inside network. The Inside-Global column lists the translated IP address. (See the top row in Figure 8-22.) 8-37

38 Configuring NAT The number after a colon indicates the port. For example, the module has translated the source IP addresses in the first three rows to the same global source address, but different port numbers. On the other hand, for a session using static destination NAT on outside traffic, the translation appears in the Outside-Global and Outside-Local columns. The Outside-Local column shows the IP address to which the source device actually destines the packet. The Outside-Global column shows the destination IP address after the module has translated it to the destination device s actual address. (See Figure 8-23.) Figure Viewing Outside NAT in the Security > NAT > Status Screen To export statistical information about a specific session, select the row and click the Export button. On the screen that is displayed, specify the destination filename and location. 8-38

39 Configuring NAT The logged information is saved to a comma-separated values (CSV) file on your workstation, which lets you: save information that might be important later, while keeping logs or statistics clear for future events send a file to support staff for troubleshooting help pool information from multiple devices in a central location track patterns of network activity 8-39

40 Configuring NAT 8-40

Wireless Edge Services xl Module 2.0 Update NPI Technical Training June 2007

Wireless Edge Services xl Module 2.0 Update NPI Technical Training June 2007 ProCurve Wireless Edge Services xl Module v.2 Software NPI Technical Training NPI Technical Training Version: 1.5 12 June 2007 2007 Hewlett-Packard Development Company, L.P. The information contained herein

More information

Configuring Network Address Translation

Configuring Network Address Translation 6 Configuring Network Address Translation Contents NAT Services on the ProCurve Secure Router....................... 6-2 Many-to-One NAT for Outbound Traffic........................ 6-2 Using NAT with

More information

Wireless Local Area Networks (WLANs)

Wireless Local Area Networks (WLANs) 4 Wireless Local Area Networks (WLANs) Contents Overview...................................................... 4-3 Configuration Options: Normal Versus Advanced Mode.............. 4-4 Normal Mode Configuration..................................

More information

Chapter 4 Customizing Your Network Settings

Chapter 4 Customizing Your Network Settings . Chapter 4 Customizing Your Network Settings This chapter describes how to configure advanced networking features of the Wireless-G Router Model WGR614v9, including LAN, WAN, and routing settings. It

More information

Implementing Network Address Translation and Port Redirection in epipe

Implementing Network Address Translation and Port Redirection in epipe Implementing Network Address Translation and Port Redirection in epipe Contents 1 Introduction... 2 2 Network Address Translation... 2 2.1 What is NAT?... 2 2.2 NAT Redirection... 3 2.3 Bimap... 4 2.4

More information

Configuring PA Firewalls for a Layer 3 Deployment

Configuring PA Firewalls for a Layer 3 Deployment Configuring PA Firewalls for a Layer 3 Deployment Configuring PAN Firewalls for a Layer 3 Deployment Configuration Guide January 2009 Introduction The following document provides detailed step-by-step

More information

UIP1868P User Interface Guide

UIP1868P User Interface Guide UIP1868P User Interface Guide (Firmware version 0.13.4 and later) V1.1 Monday, July 8, 2005 Table of Contents Opening the UIP1868P's Configuration Utility... 3 Connecting to Your Broadband Modem... 4 Setting

More information

Chapter 4 Customizing Your Network Settings

Chapter 4 Customizing Your Network Settings Chapter 4 Customizing Your Network Settings This chapter describes how to configure advanced networking features of the RangeMax Dual Band Wireless-N Router WNDR3300, including LAN, WAN, and routing settings.

More information

Configuration Guide for RFMS 3.0 Initial Configuration. WiNG5 How-To Guide. Network Address Translation. July 2011 Revision 1.0

Configuration Guide for RFMS 3.0 Initial Configuration. WiNG5 How-To Guide. Network Address Translation. July 2011 Revision 1.0 Configuration Guide for RFMS 3.0 Initial Configuration XXX-XXXXXX-XX WiNG5 How-To Guide Network Address Translation July 2011 Revision 1.0 MOTOROLA and the Stylized M Logo are registered in the US Patent

More information

VLANs. Application Note

VLANs. Application Note VLANs Application Note Table of Contents Background... 3 Benefits... 3 Theory of Operation... 4 IEEE 802.1Q Packet... 4 Frame Size... 5 Supported VLAN Modes... 5 Bridged Mode... 5 Static SSID to Static

More information

Enabling NAT and Routing in DGW v2.0 June 6, 2012

Enabling NAT and Routing in DGW v2.0 June 6, 2012 Enabling NAT and Routing in DGW v2.0 June 6, 2012 Proprietary 2012 Media5 Corporation Table of Contents Introduction... 3 Starting Services... 4 Distinguishing your WAN and LAN interfaces... 5 Configuring

More information

Chapter 11 Network Address Translation

Chapter 11 Network Address Translation Chapter 11 Network Address Translation You can configure an HP routing switch to perform standard Network Address Translation (NAT). NAT enables private IP networks that use nonregistered IP addresses

More information

Using Remote Desktop Software with the LAN-Cell 3

Using Remote Desktop Software with the LAN-Cell 3 Using Remote Desktop Software with the LAN-Cell 3 Technote LCTN3010 Proxicast, LLC 312 Sunnyfield Drive Suite 200 Glenshaw, PA 15116 1-877-77PROXI 1-877-777-7694 1-412-213-2477 Fax: 1-412-492-9386 E-Mail:

More information

Topic 7 DHCP and NAT. Networking BAsics.

Topic 7 DHCP and NAT. Networking BAsics. Topic 7 DHCP and NAT Networking BAsics. 1 Dynamic Host Configuration Protocol (DHCP) IP address assignment Default Gateway assignment Network services discovery I just booted. What network is this? What

More information

Broadband Phone Gateway BPG510 Technical Users Guide

Broadband Phone Gateway BPG510 Technical Users Guide Broadband Phone Gateway BPG510 Technical Users Guide (Firmware version 0.14.1 and later) Revision 1.0 2006, 8x8 Inc. Table of Contents About your Broadband Phone Gateway (BPG510)... 4 Opening the BPG510's

More information

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials.

Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials. Note: This case study utilizes Packet Tracer. Please see the Chapter 5 Packet Tracer file located in Supplemental Materials. CHAPTER 5 OBJECTIVES Configure a router with an initial configuration. Use the

More information

VLSM & IP ADDRESSING EXAMPLE QUESTIONS with answers;

VLSM & IP ADDRESSING EXAMPLE QUESTIONS with answers; VLSM & IP ADDRESSING EXAMPLE QUESTIONS with answers; 1 Given the network address of 112.44.0.0 and the network mask of 255.255.0.0 Would the two stations with addresses 112.44.22.19/16 and 112.44.23.2/16

More information

Firewall Defaults and Some Basic Rules

Firewall Defaults and Some Basic Rules Firewall Defaults and Some Basic Rules ProSecure UTM Quick Start Guide This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSecure Unified

More information

Technical Support Information

Technical Support Information Technical Support Information Broadband Module/Broadband Module Plus Configuration Guidance Setting up Remote Access to a Network Device (Mail/File Server/Camera Etc) connected to the LAN port of the Broadband

More information

How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN

How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN Applicable Version: 10.6.2 onwards Overview Virtual host implementation is based on the Destination NAT concept. Virtual

More information

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Firewall VPN Router. Quick Installation Guide M73-APO09-380 Firewall VPN Router Quick Installation Guide M73-APO09-380 Firewall VPN Router Overview The Firewall VPN Router provides three 10/100Mbit Ethernet network interface ports which are the Internal/LAN, External/WAN,

More information

Multi-Homing Dual WAN Firewall Router

Multi-Homing Dual WAN Firewall Router Multi-Homing Dual WAN Firewall Router Quick Installation Guide M73-APO09-400 Multi-Homing Dual WAN Firewall Router Overview The Multi-Homing Dual WAN Firewall Router provides three 10/100Mbit Ethernet

More information

NETWORK SET UP GUIDE FOR

NETWORK SET UP GUIDE FOR NETWORK SET UP GUIDE FOR USZ11ZS USX21ZS USX31ZAND DVRX16D DVRX32D HDDX13D SUPPORTING ROUTER D-Link Linksys NETGEAR BELKI IP Addresses on the Internet When you connect to the Internet, through dialup connection,

More information

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches print email Article ID: 4941 Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches Objective In an ever-changing business environment, your

More information

FSM73xx GSM73xx GMS72xxR Shared access to the Internet across Multiple routing VLANs using a Prosafe Firewall

FSM73xx GSM73xx GMS72xxR Shared access to the Internet across Multiple routing VLANs using a Prosafe Firewall FSM73xx GSM73xx GMS72xxR Shared access to the Internet across Multiple routing VLANs using a Prosafe Firewall This document describes how to: - Create multiple routing VLANs - Obtain Internet access on

More information

Optimum Business SIP Trunk Set-up Guide

Optimum Business SIP Trunk Set-up Guide Optimum Business SIP Trunk Set-up Guide For use with IP PBX only. SIPSetup 07.13 FOR USE WITH IP PBX ONLY Important: If your PBX is configured to use a PRI connection, do not use this guide. If you need

More information

Deployment Guide AX Series for Palo Alto Networks Firewall Load Balancing

Deployment Guide AX Series for Palo Alto Networks Firewall Load Balancing Deployment Guide AX Series for Palo Alto Networks Firewall Load Balancing DG_PAFWLB_120718.1 TABLE OF CONTENTS 1 Overview... 4 2 Deployment Prerequisites... 4 3 Architecture Overview... 5 4 Access Credentials...

More information

Chapter 1 Configuring Basic Connectivity

Chapter 1 Configuring Basic Connectivity Chapter 1 Configuring Basic Connectivity This chapter describes the settings for your Internet connection and your wireless local area network (LAN) connection. When you perform the initial configuration

More information

Configuring the Juniper NetScreen Firewall Security Policies to support Avaya IP Telephony Issue 1.0

Configuring the Juniper NetScreen Firewall Security Policies to support Avaya IP Telephony Issue 1.0 Avaya Solution & Interoperability Test Lab Configuring the Juniper NetScreen Firewall Security Policies to support Avaya IP Telephony Issue 1.0 Abstract These Application Notes describes a procedure for

More information

Chapter 12 Supporting Network Address Translation (NAT)

Chapter 12 Supporting Network Address Translation (NAT) [Previous] [Next] Chapter 12 Supporting Network Address Translation (NAT) About This Chapter Network address translation (NAT) is a protocol that allows a network with private addresses to access information

More information

Hosting more than one FortiOS instance on. VLANs. 1. Network topology

Hosting more than one FortiOS instance on. VLANs. 1. Network topology Hosting more than one FortiOS instance on a single FortiGate unit using VDOMs and VLANs 1. Network topology Use Virtual domains (VDOMs) to divide the FortiGate unit into two or more virtual instances of

More information

Chapter 3 Security and Firewall Protection

Chapter 3 Security and Firewall Protection Chapter 3 Security and Firewall Protection This chapter describes how to use the basic firewall features of the ADSL2+ Modem Router to protect your network. Firewall Settings You can set up the ADSL2+

More information

Accessing Remote Devices via the LAN-Cell 2

Accessing Remote Devices via the LAN-Cell 2 Accessing Remote Devices via the LAN-Cell 2 Technote LCTN0017 Proxicast, LLC 312 Sunnyfield Drive Suite 200 Glenshaw, PA 15116 1-877-77PROXI 1-877-777-7694 1-412-213-2477 Fax: 1-412-492-9386 E-Mail: support@proxicast.com

More information

SwiftBroadband and IP data connections

SwiftBroadband and IP data connections SwiftBroadband and IP data connections Version 01 30.01.08 inmarsat.com/swiftbroadband Whilst the information has been prepared by Inmarsat in good faith, and all reasonable efforts have been made to ensure

More information

Using Remote Desktop Software with the LAN-Cell

Using Remote Desktop Software with the LAN-Cell Using Remote Desktop Software with the LAN-Cell Technote LCTN0010 Proxicast, LLC 312 Sunnyfield Drive Suite 200 Glenshaw, PA 15116 1-877-77PROXI 1-877-777-7694 1-412-213-2477 Fax: 1-412-492-9386 E-Mail:

More information

AP6511 First Time Configuration Procedure

AP6511 First Time Configuration Procedure AP6511 First Time Configuration Procedure Recommended Minimum Configuration Steps From the factory, all of the 6511 AP s should be configured with a shadow IP that starts with 169.254.xxx.xxx with the

More information

Networking Security IP packet security

Networking Security IP packet security Networking Security IP packet security Networking Security IP packet security Copyright International Business Machines Corporation 1998,2000. All rights reserved. US Government Users Restricted Rights

More information

This chapter describes how to set up and manage VPN service in Mac OS X Server.

This chapter describes how to set up and manage VPN service in Mac OS X Server. 6 Working with VPN Service 6 This chapter describes how to set up and manage VPN service in Mac OS X Server. By configuring a Virtual Private Network (VPN) on your server you can give users a more secure

More information

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup 1:1 NAT in ZeroShell Requirements The version of ZeroShell used for writing this document is Release 1.0.beta11. This document does not describe installing ZeroShell, it is assumed that the user already

More information

Lab 8.4.2 Configuring Access Policies and DMZ Settings

Lab 8.4.2 Configuring Access Policies and DMZ Settings Lab 8.4.2 Configuring Access Policies and DMZ Settings Objectives Log in to a multi-function device and view security settings. Set up Internet access policies based on IP address and application. Set

More information

Chapter 7. Address Translation

Chapter 7. Address Translation Chapter 7. Address Translation This chapter describes NetDefendOS address translation capabilities. Dynamic Network Address Translation, page 204 NAT Pools, page 207 Static Address Translation, page 210

More information

nexvortex Setup Template

nexvortex Setup Template nexvortex Setup Template ZULTYS, INC. April 2013 5 1 0 S P R I N G S T R E E T H E R N D O N V A 2 0 1 7 0 + 1 8 5 5. 6 3 9. 8 8 8 8 Introduction This document is intended only for nexvortex customers

More information

Chapter 5 Customizing Your Network Settings

Chapter 5 Customizing Your Network Settings Chapter 5 Customizing Your Network Settings This chapter describes how to configure advanced networking features of the RangeMax NEXT Wireless Router WNR834B, including LAN, WAN, and routing settings.

More information

Guideline for setting up a functional VPN

Guideline for setting up a functional VPN Guideline for setting up a functional VPN Why do I want a VPN? VPN by definition creates a private, trusted network across an untrusted medium. It allows you to connect offices and people from around the

More information

CompTIA Network+ N Official Cert Guide Mapping Guide to CompTIA Network+ Simulator Labs

CompTIA Network+ N Official Cert Guide Mapping Guide to CompTIA Network+ Simulator Labs CompTIA Network+ N10 005 Official Cert Guide Mapping Guide to CompTIA Network+ Simulator Labs Domain 1.0: Network Concepts 1.1 Compare the layers of the OSI and TCP/IP Models TCP/IP Model Layer Matching

More information

Multi-Homing Security Gateway

Multi-Homing Security Gateway Multi-Homing Security Gateway MH-5000 Quick Installation Guide 1 Before You Begin It s best to use a computer with an Ethernet adapter for configuring the MH-5000. The default IP address for the MH-5000

More information

Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation

Basic ViPNet VPN Deployment Schemes. Supplement to ViPNet Documentation Basic ViPNet VPN Deployment Schemes Supplement to ViPNet Documentation 1991 2015 Infotecs Americas. All rights reserved. Version: 00121-04 90 01 ENU This document is included in the software distribution

More information

Management Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version 1.0.0. 613-001339 Rev.

Management Software. Web Browser User s Guide AT-S106. For the AT-GS950/48 Gigabit Ethernet Smart Switch. Version 1.0.0. 613-001339 Rev. Management Software AT-S106 Web Browser User s Guide For the AT-GS950/48 Gigabit Ethernet Smart Switch Version 1.0.0 613-001339 Rev. A Copyright 2010 Allied Telesis, Inc. All rights reserved. No part of

More information

2Wire IG 2700 ADSL Router. RJ45 connecting cable

2Wire IG 2700 ADSL Router. RJ45 connecting cable Technical Support Information Case 2. BT ADSL Routers IG2700 (BT Business Hub) configuration to allow a BT Versatility Broadband Module (BBM) IP Gateway connection for IP Extensions (VoIP) when the Broadband

More information

Set Up a VM-Series Firewall on the Citrix SDX Server

Set Up a VM-Series Firewall on the Citrix SDX Server Set Up a VM-Series Firewall on the Citrix SDX Server Palo Alto Networks VM-Series Deployment Guide PAN-OS 6.1 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa

More information

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions Find your network example: 1. Basic network with and 2 WAN lines - click here 2. Add a web server to the LAN - click here 3. Add a web,

More information

LESSON 3.6. 98-366 Networking Fundamentals. Understand TCP/IP

LESSON 3.6. 98-366 Networking Fundamentals. Understand TCP/IP Understand TCP/IP Lesson Overview In this lesson, you will learn about: TCP/IP Tracert Telnet Netstat Reserved addresses Local loopback IP Ping Pathping Ipconfig Protocols Anticipatory Set Experiment with

More information

Configuring Routers and Their Settings

Configuring Routers and Their Settings Configuring Routers and Their Settings When installing a router on your home network the routers settings are usually defaulted to automatically protect your home, and simplify setup. This is done because

More information

Prestige 202H Plus. Quick Start Guide. ISDN Internet Access Router. Version 3.40 12/2004

Prestige 202H Plus. Quick Start Guide. ISDN Internet Access Router. Version 3.40 12/2004 Prestige 202H Plus ISDN Internet Access Router Quick Start Guide Version 3.40 12/2004 Table of Contents 1 Introducing the Prestige...3 2 Hardware Installation...4 2.1 Rear Panel...4 2.2 The Front Panel

More information

Chapter 4 Managing Your Network

Chapter 4 Managing Your Network Chapter 4 Managing Your Network This chapter describes how to perform network management tasks with your ADSL2+ Modem Wireless Router. Backing Up, Restoring, or Erasing Your Settings The configuration

More information

Protecting the Home Network (Firewall)

Protecting the Home Network (Firewall) Protecting the Home Network (Firewall) Basic Tab Setup Tab DHCP Tab Advanced Tab Options Tab Port Forwarding Tab Port Triggers Tab DMZ Host Tab Firewall Tab Event Log Tab Status Tab Software Tab Connection

More information

Configuring Security for FTP Traffic

Configuring Security for FTP Traffic 2 Configuring Security for FTP Traffic Securing FTP traffic Creating a security profile for FTP traffic Configuring a local traffic FTP profile Assigning an FTP security profile to a local traffic FTP

More information

Lab 9.1.1 Organizing CCENT Objectives by OSI Layer

Lab 9.1.1 Organizing CCENT Objectives by OSI Layer Lab 9.1.1 Organizing CCENT Objectives by OSI Layer Objectives Organize the CCENT objectives by which layer or layers they address. Background / Preparation In this lab, you associate the objectives of

More information

Barracuda Link Balancer

Barracuda Link Balancer Barracuda Networks Technical Documentation Barracuda Link Balancer Administrator s Guide Version 2.2 RECLAIM YOUR NETWORK Copyright Notice Copyright 2004-2011, Barracuda Networks www.barracuda.com v2.2-110503-01-0503

More information

Using Cisco UC320W with Windows Small Business Server

Using Cisco UC320W with Windows Small Business Server Using Cisco UC320W with Windows Small Business Server This application note explains how to deploy the Cisco UC320W in a Windows Small Business Server environment. Contents This document includes the following

More information

OSBRiDGE 5XLi. Configuration Manual. Firmware 3.10R

OSBRiDGE 5XLi. Configuration Manual. Firmware 3.10R OSBRiDGE 5XLi Configuration Manual Firmware 3.10R 1. Initial setup and configuration. OSBRiDGE 5XLi devices are configurable via WWW interface. Each device uses following default settings: IP Address:

More information

Implementing IP Addressing Services

Implementing IP Addressing Services Implementing IP Addressing Services Accessing the WAN Chapter 7 Version 4.0 2006 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Objectives Configure DHCP in an enterprise branch network Configure

More information

Pre-lab and In-class Laboratory Exercise 10 (L10)

Pre-lab and In-class Laboratory Exercise 10 (L10) ECE/CS 4984: Wireless Networks and Mobile Systems Pre-lab and In-class Laboratory Exercise 10 (L10) Part I Objectives and Lab Materials Objective The objectives of this lab are to: Familiarize students

More information

Chapter 2 Preparing Your Network

Chapter 2 Preparing Your Network Chapter 2 Preparing Your Network This document describes how to prepare your network to connect to the Internet through a router and how to verify the readiness of your broadband Internet service from

More information

Chapter 4 Security and Firewall Protection

Chapter 4 Security and Firewall Protection Chapter 4 Security and Firewall Protection This chapter describes how to use the Security features of the ProSafe Wireless ADSL Modem VPN Firewall Router to protect your network. These features can be

More information

Lab - Using Wireshark to Observe the TCP 3-Way Handshake

Lab - Using Wireshark to Observe the TCP 3-Way Handshake Topology Objectives Part 1: Prepare Wireshark to Capture Packets Select an appropriate NIC interface to capture packets. Part 2: Capture, Locate, and Examine Packets Capture a web session to www.google.com.

More information

RAP Installation - Updated

RAP Installation - Updated RAP Installation - Updated August 01, 2012 Aruba Controller Release 6.1.3.2 The Controller has several wizards that can guide you through a variety of configuration processes. On the Configuration tab

More information

ExamPDF. Higher Quality,Better service!

ExamPDF. Higher Quality,Better service! ExamPDF Higher Quality,Better service! Q&A Exam : 1Y0-A21 Title : Basic Administration for Citrix NetScaler 9.2 Version : Demo 1 / 5 1.Scenario: An administrator is working with a Citrix consultant to

More information

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding This chapter describes the configuration for the SSL VPN Tunnel Client and for Port Forwarding. When a remote user accesses the SSL VPN

More information

How to configure your Thomson SpeedTouch 780WL for ADSL2+

How to configure your Thomson SpeedTouch 780WL for ADSL2+ How to configure your Thomson SpeedTouch 780WL for ADSL2+ Connecting up your router This guide assumes that you have successfully: unpacked your router connected it up to your phone socket using the DSL

More information

Chapter 3 LAN Configuration

Chapter 3 LAN Configuration Chapter 3 LAN Configuration This chapter describes how to configure the advanced LAN features of your ProSafe Dual WAN Gigabit Firewall with SSL & IPsec VPN. This chapter contains the following sections

More information

iboss Enterprise Deployment Guide iboss Web Filters

iboss Enterprise Deployment Guide iboss Web Filters iboss Enterprise Deployment Guide iboss Web Filters Copyright Phantom Technologies, Inc. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval

More information

SSL-VPN 200 Getting Started Guide

SSL-VPN 200 Getting Started Guide Secure Remote Access Solutions APPLIANCES SonicWALL SSL-VPN Series SSL-VPN 200 Getting Started Guide SonicWALL SSL-VPN 200 Appliance Getting Started Guide Thank you for your purchase of the SonicWALL SSL-VPN

More information

Digi Connect WAN Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering

Digi Connect WAN Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering Introduction Digi Connect Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering The Digi Connect supports five features which provide security and IP traffic forwarding when using incoming

More information

HOWTO: How to configure IPSEC gateway (office) to gateway

HOWTO: How to configure IPSEC gateway (office) to gateway HOWTO: How to configure IPSEC gateway (office) to gateway How-to guides for configuring VPNs with GateDefender Integra Panda Security wants to ensure you get the most out of GateDefender Integra. For this

More information

Firewalls. Chapter 3

Firewalls. Chapter 3 Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border

More information

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP Edge Gateway for Layered Security and Acceleration Services

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP Edge Gateway for Layered Security and Acceleration Services DEPLOYMENT GUIDE Version 1.0 Deploying the BIG-IP Edge Gateway for Layered Security and Acceleration Services Table of Contents Table of Contents Using the BIG-IP Edge Gateway for layered security and

More information

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs Tasks: 1 (10 min) Verify that TCP/IP is installed on each of the computers 2 (10 min) Connect the computers together via a switch 3 (10 min)

More information

CCT vs. CCENT Skill Set Comparison

CCT vs. CCENT Skill Set Comparison Operation of IP Data Networks Recognize the purpose and functions of various network devices such as Routers, Switches, Bridges and Hubs Select the components required to meet a given network specification

More information

Chapter 1 Connecting Your Router to the Internet

Chapter 1 Connecting Your Router to the Internet Chapter 1 Connecting Your Router to the Internet This chapter describes how to configure your DG834N RangeMax TM NEXT Wireless ADSL2+ Modem Router Internet connection.when you perform the initial configuration

More information

Cisco AnyConnect Secure Mobility Solution Guide

Cisco AnyConnect Secure Mobility Solution Guide Cisco AnyConnect Secure Mobility Solution Guide This document contains the following information: Cisco AnyConnect Secure Mobility Overview, page 1 Understanding How AnyConnect Secure Mobility Works, page

More information

CCNA Discovery 4.0.3.0 Networking for Homes and Small Businesses Student Packet Tracer Lab Manual

CCNA Discovery 4.0.3.0 Networking for Homes and Small Businesses Student Packet Tracer Lab Manual 4.0.3.0 Networking for Homes and Small Businesses Student Packet Tracer Lab Manual This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial

More information

Setup The Setup screen is the first screen you will see when accessing the Gateway. Most users will be able to configure the Gateway and get it working properly using only the settings on this screen.

More information

Introduction to Network Security Lab 1 - Wireshark

Introduction to Network Security Lab 1 - Wireshark Introduction to Network Security Lab 1 - Wireshark Bridges To Computing 1 Introduction: In our last lecture we discussed the Internet the World Wide Web and the Protocols that are used to facilitate communication

More information

100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1)

100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1) 100-101: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1) Course Overview This course provides students with the knowledge and skills to implement and support a small switched and routed network.

More information

SSVP SIP School VoIP Professional Certification

SSVP SIP School VoIP Professional Certification SSVP SIP School VoIP Professional Certification Exam Objectives The SSVP exam is designed to test your skills and knowledge on the basics of Networking and Voice over IP. Everything that you need to cover

More information

Chapter 1 Personal Computer Hardware------------------------------------------------ 7 hours

Chapter 1 Personal Computer Hardware------------------------------------------------ 7 hours Essential Curriculum Networking Essentials Total Hours: 244 Cisco Discovery 1: Networking for Home and Small Businesses 81.5 hours teaching time Chapter 1 Personal Computer Hardware------------------------------------------------

More information

Com.X Router/Firewall Module. Use Cases. White Paper. Version 1.0, 21 May 2014. 2014 Far South Networks

Com.X Router/Firewall Module. Use Cases. White Paper. Version 1.0, 21 May 2014. 2014 Far South Networks Com.X Router/Firewall Module Use Cases White Paper Version 1.0, 21 May 2014 2014 Far South Networks Document History Version Date Description of Changes 1.0 2014/05/21 Preliminary 2014 Far South Networks

More information

< Introduction > This technical note explains how to connect New SVR Series to DSL Modem or DSL Router. Samsung Techwin Co., Ltd.

< Introduction > This technical note explains how to connect New SVR Series to DSL Modem or DSL Router. Samsung Techwin Co., Ltd. < Introduction > This technical note explains how to connect New to DSL Modem or DSL Router. Samsung Techwin Co., Ltd. 1 Contents 1. General... 4 1.1. DSL (xdsl)... 4 1.2. Modem... 5 1.2.1. Modem... 5

More information

Connecting to and Setting Up a Network

Connecting to and Setting Up a Network Chapter 9 Connecting to and Setting Up a Network Reviewing the Basics 1. How many bits are in a MAC address? 48 bits 2. How many bits are in an IPv4 IP address? In an IPv6 IP address? 32 bits, 128 bits

More information

Configuring the Avaya B179 SIP Conference Phone with Avaya Aura Communication Manager and Avaya Aura Session Manager Issue 1.0

Configuring the Avaya B179 SIP Conference Phone with Avaya Aura Communication Manager and Avaya Aura Session Manager Issue 1.0 Avaya Solution & Interoperability Test Lab Configuring the Avaya B179 SIP Conference Phone with Avaya Aura Communication Manager and Avaya Aura Session Manager Issue 1.0 Abstract These Application Notes

More information

Network Virtualization Network Admission Control Deployment Guide

Network Virtualization Network Admission Control Deployment Guide Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus

More information

NETGEAR ProSAFE WC7520 Wireless Controller

NETGEAR ProSAFE WC7520 Wireless Controller NETGEAR ProSAFE WC7520 Wireless Controller Confi guring Offi ce and Guest SSIDs Using a Layer 3 Switch on Separate Layer 3 Subnets APPLICATION NOTES INTRODUCTION Business environments are dynamic in nature,

More information

Getting Started Guide

Getting Started Guide SonicWALL Network Security Appliances NETWORK SECURITY TZ 210 Series Getting Started Guide NETWORK SECURITY TZ 210 Series SonicWALL TZ 210 Series Quick Start Start here if you are new to SonicWALL appliances.

More information

Chapter 1 Configuring Internet Connectivity

Chapter 1 Configuring Internet Connectivity Chapter 1 Configuring Internet Connectivity This chapter describes the settings for your Internet connection and your wireless local area network (LAN) connection. When you perform the initial configuration

More information

What is VLAN Routing?

What is VLAN Routing? Application Note #38 February 2004 What is VLAN Routing? This Application Notes relates to the following Dell product(s): 6024 and 6024F 33xx Abstract Virtual LANs (VLANs) offer a method of dividing one

More information

Multifunctional Broadband Router User Guide. Copyright Statement

Multifunctional Broadband Router User Guide. Copyright Statement Copyright Statement is the registered trademark of Shenzhen Tenda Technology Co., Ltd. Other trademark or trade name mentioned herein are the trademark or registered trademark of above company. Copyright

More information

DEPLOYMENT GUIDE Version 1.1. DNS Traffic Management using the BIG-IP Local Traffic Manager

DEPLOYMENT GUIDE Version 1.1. DNS Traffic Management using the BIG-IP Local Traffic Manager DEPLOYMENT GUIDE Version 1.1 DNS Traffic Management using the BIG-IP Local Traffic Manager Table of Contents Table of Contents Introducing DNS server traffic management with the BIG-IP LTM Prerequisites

More information

642 523 Securing Networks with PIX and ASA

642 523 Securing Networks with PIX and ASA 642 523 Securing Networks with PIX and ASA Course Number: 642 523 Length: 1 Day(s) Course Overview This course is part of the training for the Cisco Certified Security Professional and the Cisco Firewall

More information

LAN TCP/IP and DHCP Setup

LAN TCP/IP and DHCP Setup CHAPTER 2 LAN TCP/IP and DHCP Setup 2.1 Introduction In this chapter, we will explain in more detail the LAN TCP/IP and DHCP Setup. 2.2 LAN IP Network Configuration In the Vigor 2900 router, there are

More information