Configuring Network Address Translation
NAT Services on the ProCurve Secure Router
When you enable the ProCurve Secure Router OS firewall, you can configure
it to perform Network Address Translation (NAT) on traffic exchanged
between the internal, trusted network and the untrusted, public network.
Using NAT allows you to maintain private IP addresses on your network while
providing Internet access to your company's users. It also adds another layer
of security by concealing the actual IP addresses of devices on your network
from all Internet users—including hackers.
The Secure Router OS firewall supports NAT for both source IP addresses and
destination IP addresses. Specifically, it supports:
many-to-one NAT for outbound traffic
one-to-one NAT for inbound traffic
Many-to-One NAT for Outbound Traffic
Many-to-one NAT for outbound traffic, which is based on the source IP address,
is the most common implementation of NAT. Many companies have only one public
IP address, but have many employees who need Internet access. With NAT, all
these employees can share one IP address. When users on a company's
internal network send requests to the Internet, the Secure Router OS firewall
translates the senders' private IP addresses to the company's one public IP
address—thus, the designation many-to-one. After translating packets' source
IP addresses, the Secure Router OS firewall forwards the requests on to the
Internet. (See Figure 6-1.)
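The translation described above, as an added example that is not from the ProCurve documentation or Secure Router OS: a Python model of many-to-one NAT in which two internal hosts share one public address and an inbound packet with no matching session is dropped. Tracking sessions by translated source port is an assumption (the page does not describe the mechanism), and all addresses and port numbers are constructed.

```python
"""Toy model of many-to-one (source) NAT. Constructed example, not Secure Router OS code."""
from dataclasses import dataclass, field
from ipaddress import ip_address

PUBLIC_IP = "203.0.113.10"   # constructed: the company's single public address
FIRST_PORT = 40000           # constructed: start of the translated port range


@dataclass
class ManyToOneNat:
    public_ip: str = PUBLIC_IP
    next_port: int = FIRST_PORT
    out_map: dict = field(default_factory=dict)  # (priv_ip, priv_port, dst, dport) -> public port
    in_map: dict = field(default_factory=dict)   # (public port, dst, dport) -> (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the trusted network; returns (src, sport, dst, dport)."""
        if not ip_address(src_ip).is_private:
            raise ValueError("outbound source must be a private address")
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out_map:
            # Assumption: each new session gets its own port on the shared public address.
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.out_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Reverse-translate a reply; returns None (drop) when no session matches."""
        if dst_ip != self.public_ip:
            return None
        priv = self.in_map.get((dst_port, src_ip, src_port))
        if priv is None:
            return None  # unsolicited: the internal host is never revealed or reached
        return (src_ip, src_port, priv[0], priv[1])


def demo():
    nat = ManyToOneNat()
    a = nat.outbound("192.168.1.10", 51000, "198.51.100.7", 443)
    b = nat.outbound("192.168.1.11", 51000, "198.51.100.7", 443)
    reply = nat.inbound("198.51.100.7", 443, a[0], a[1])
    unsolicited = nat.inbound("192.0.2.99", 4444, PUBLIC_IP, a[1])
    return a, b, reply, unsolicited


if __name__ == "__main__":
    for row in demo():
        print(row)
```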