One-To-One Nat For Inbound Traffic - HP 7102dl - ProCurve Secure Router Configuration Manual

Configuring Network Address Translation
NAT Services on the ProCurve Secure Router

One-to-One NAT for Inbound Traffic

The Secure Router OS firewall performs one-to-one NAT on inbound traffic—
traffic being transmitted from the outside, public network to a device on the
internal, trusted network. In this case, NAT is based on the inside destination
IP address.
One-to-one NAT provides translation between a specific local address on the
internal, trusted network and a specific public address that is advertised on
the outside, public network. When the ProCurve Secure Router receives a
packet with a destination address that is the public IP address, the router
translates the destination IP address, changing it to the private address. The
router then forwards the packet to the internal network.
Companies use one-to-one NAT when a device is located on the internal,
trusted network but must be accessed by clients on the Internet. For example,
a company may have a Web server or an FTP server, which is housed on the
company's internal network. To access this server, Internet users enter a URL,
which is resolved (through a Domain Name System [DNS] server) to a public
IP address. The Secure Router OS firewall uses NAT to translate this public
IP address to a private IP address on the company's internal network.
In Figure 6-3, a Web server on the internal network has an IP address of
192.168.1.2. However, the IP address that is advertised for that Web server on
the Internet is 10.10.10.1. When an Internet client sends a request to that Web
server, the destination address is 10.10.10.1.
When the ProCurve Secure Router receives packets with the destination
address of 10.10.10.1, it translates the destination address to the private IP
address of the Web server: 192.168.1.2. The source IP address is not affected.
6-5