Chapter 11

Network Address Translation

You can configure an HP routing switch to perform standard Network Address Translation (NAT). NAT enables private IP networks that use nonregistered IP addresses to connect to the Internet. Configure NAT on the HP device at the border of an inside network and an outside network (such as the Internet). NAT translates the internal local addresses to globally unique IP addresses before sending packets to the outside network. NAT also allows a more graceful renumbering strategy for organizations that are changing service providers or voluntarily renumbering into Classless Interdomain Routing (CIDR) blocks.

Use NAT to translate your private (inside) IP addresses into globally unique (outside) IP addresses when communicating outside of your network.

NOTE: This feature is supported on all chassis routing switches with Redundant Management modules. It is not available on HP fixed-port devices.

NOTE: The maximum number of global IP addresses you can configure depends on how much memory the routing switch has and whether you enable the Port Address Translation feature. Regardless of the amount of memory, you cannot configure more than 256 global IP addresses.

NOTE: NAT support is available for traffic originated by hosts on the private network. You cannot configure NAT to translate global addresses into private addresses for traffic generated by global addresses.

An HP device configured for NAT must have an interface to the private network and an interface to a public network (for example, the Internet). In a typical environment, NAT is configured on the HP device between the private network and the Internet. When you configure an HP device for NAT, the device does not advertise the private networks to the Internet. However, the device can advertise route information received from the Internet to the private networks.

Figure 11.1 shows a basic example of a network using NAT on an HP device. In this example, an HP 9308M routing switch is using NAT to translate traffic originated from the hosts on the 10.10.10.x/24 sub-net into public addresses from the address pool.
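A conceptual model of the translation described in this chapter, added here as an illustration and not HP's implementation or CLI: one-to-one dynamic NAT for traffic originated by hosts on the 10.10.10.x/24 sub-net. The class and function names, the 203.0.113.x pool addresses, the 198.51.100.7 outside host, and the exhausted-pool behaviour are assumptions; Port Address Translation is not modelled.

```python
import ipaddress

MAX_GLOBAL_ADDRESSES = 256  # ceiling stated in the chapter's NOTE


class DynamicNat:
    """Conceptual one-to-one dynamic NAT (hypothetical model, no PAT)."""

    def __init__(self, inside_net, pool):
        pool = [ipaddress.ip_address(a) for a in pool]
        if len(pool) > MAX_GLOBAL_ADDRESSES:
            raise ValueError("more than 256 global addresses configured")
        self.inside_net = ipaddress.ip_network(inside_net)
        self.free = pool[::-1]   # pop() hands out addresses in pool order
        self.out_map = {}        # inside local address -> global address
        self.in_map = {}         # global address -> inside local address

    def outbound(self, src, dst):
        """Translate a packet originated by an inside host; None if untranslatable."""
        src = ipaddress.ip_address(src)
        if src not in self.inside_net:
            return None
        if src not in self.out_map:
            if not self.free:
                return None      # pool exhausted (assumption of this model)
            g = self.free.pop()
            self.out_map[src], self.in_map[g] = g, src
        return (str(self.out_map[src]), dst)

    def inbound(self, src, dst):
        """Translate return traffic; None when no inside host created a binding."""
        local = self.in_map.get(ipaddress.ip_address(dst))
        return None if local is None else (src, str(local))


def demo():
    # Constructed sample: two-address pool, three inside hosts, one outside host.
    nat = DynamicNat("10.10.10.0/24", ["203.0.113.1", "203.0.113.2"])
    return [
        nat.outbound("10.10.10.5", "198.51.100.7"),   # first binding created
        nat.inbound("198.51.100.7", "203.0.113.1"),   # reply to bound address
        nat.inbound("198.51.100.7", "203.0.113.2"),   # outside-originated, no binding
        nat.outbound("10.10.10.6", "198.51.100.7"),   # second binding created
        nat.outbound("10.10.10.7", "198.51.100.7"),   # pool exhausted
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The third result shows why unsolicited traffic from the outside reaches no inside host in this model: a global address maps to a private address only after an inside host has originated traffic through it.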
