Pages

Tuesday, June 14, 2011

NAT Firewall Setting for Aruba Wireless Controller

The setting of Network Address Translation (NAT) in Aruba Wireless controller can be done via rules in a firewall set or an entire VLAN can be NAT’d. The VLAN NAT uses a dynamic (DHCP or PPPoE) public interface as the IP address through a dynamic NAT pool and the use of the dynamic-session-acl. NAT rules in a firewall policy can also use this pool, or a NAT pool to be configured to provide an IP range for the NAT. You can configure a NATpool by navigating the Aruba UI to the 

Configuration > Network > IP > NAT Pools.


Aruba controller has three NAT options setting which are SRC-NAT, DST-NAT and DUAL-NAT.


src-nat: Performs network address translation (NAT) on packets matching the rule. When this option is selected, you need to select a NAT pool. (If this pool is not configured, you configure a NAT pool by navigating to the 

Configuration > Network > IP > NAT Pools.

dst-nat: This option redirects traffic to the configured IP address and destination port. An example of this option is to redirect a
ll HTTP packets to the captive portal port on the Aruba controller as used in the pre-defined policy called “captiveportal”.

dual-nat: This option performs both source and destination NAT on packets matching the rule.