ESR Series Routers Operation Manual                                                          45 
7.7  Source NAT configuration 
The Source NAT (SNAT) function substitutes the source address of packets passing through the network
gateway. When packets are transferred from the LAN into the public network, the source address is
replaced with one of the gateway's public addresses. The source port may be substituted along with the
source address. When packets are transferred back from the public network to the LAN, the address and
port are reverted to their original values.
The SNAT function enables Internet access for computers located in the LAN without the need to assign
public IP addresses to these computers.
Objective 1: Configure access for users in LAN 10.1.2.0/24 to the public network using the Source NAT
function. Define the public network address range for SNAT as 100.0.0.100-100.0.0.249.
 
Fig. 7.5—Network structure 
Solution: 
Begin the configuration by creating security zones, configuring network interfaces and assigning them
to security zones. Create the 'TRUST' zone for the LAN and the 'UNTRUST' zone for the public network.
esr# configure 
esr(config)# security zone UNTRUST 
esr(config-zone)# exit 
esr(config)# security zone TRUST 
esr(config-zone)# exit 
 
esr(config)# interface gigabitethernet 1/0/1 
esr(config-if-gi)# ip address 10.1.2.1/24 
esr(config-if-gi)# security-zone TRUST 
esr(config-if-gi)# exit 
 
esr(config)# interface tengigabitethernet 1/0/1 
esr(config-if-te)# ip address 100.0.0.99/24 
esr(config-if-te)# security-zone UNTRUST 
esr(config-if-te)# exit 
To configure the SNAT function and define rules for the security zones, create the 'LOCAL_NET' LAN
address profile, which includes the addresses that are allowed to access the public network, and the
'PUBLIC_POOL' public network address profile.
esr(config)# object-group network LOCAL_NET 
esr(config-object-group-network)# ip address-range 10.1.2.2-10.1.2.254 
esr(config-object-group-network)# exit 
 
esr(config)# object-group network PUBLIC_POOL 
esr(config-object-group-network)# ip address-range 100.0.0.100-100.0.0.249 
esr(config-object-group-network)# exit
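
The following added example (not part of the original manual and not the ESR implementation) models the translation described at the start of this section, using the LOCAL_NET and PUBLIC_POOL ranges defined above. The class and function names, the port range 1024-65535 and the first-free allocation order are assumptions made for illustration.

```python
import ipaddress

def ip_range(first, last):
    """Expand an inclusive first-last range, as written in 'ip address-range'."""
    a, b = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    return [ipaddress.IPv4Address(n) for n in range(a, b + 1)]

class SourceNat:
    """Toy model of SNAT with port substitution (hypothetical, for illustration)."""

    def __init__(self, local_net, public_pool, first_port=1024, last_port=65535):
        self.local = set(local_net)      # sources allowed to be translated
        self.pool = list(public_pool)    # public addresses available for SNAT
        self.ports = range(first_port, last_port + 1)  # assumed port range
        self.out = {}    # (lan_ip, lan_port) -> (public_ip, public_port)
        self.back = {}   # (public_ip, public_port) -> (lan_ip, lan_port)

    def outbound(self, src_ip, src_port):
        """Translate the source of a LAN -> public packet; None if not permitted."""
        key = (ipaddress.IPv4Address(src_ip), src_port)
        if key[0] not in self.local:
            return None                  # source is outside LOCAL_NET
        if key in self.out:
            return self.out[key]         # an existing flow keeps its mapping
        for pub_ip in self.pool:         # assumed policy: first free pair wins
            for port in self.ports:
                if (pub_ip, port) not in self.back:
                    self.out[key] = (pub_ip, port)
                    self.back[(pub_ip, port)] = key
                    return pub_ip, port
        raise RuntimeError("public pool exhausted")

    def inbound(self, dst_ip, dst_port):
        """Revert the destination of a public -> LAN reply; None if no mapping."""
        return self.back.get((ipaddress.IPv4Address(dst_ip), dst_port))

LOCAL_NET = ip_range("10.1.2.2", "10.1.2.254")
PUBLIC_POOL = ip_range("100.0.0.100", "100.0.0.249")

if __name__ == "__main__":
    nat = SourceNat(LOCAL_NET, PUBLIC_POOL)
    # Constructed sample flows: two LAN hosts using the same source port.
    for host in ("10.1.2.10", "10.1.2.11"):
        pub = nat.outbound(host, 40000)
        print(host, 40000, "->", pub, "reply reverts to", nat.inbound(*pub))
    # A packet arriving for a public address/port with no mapping is not reverted.
    print("unsolicited:", nat.inbound("100.0.0.100", 2000))
```

Two hosts that use the same source port receive distinct public address/port pairs, and a packet from the public side is reverted only when a matching mapping exists.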