ESR Series Routers Operation Manual
Objective 2: Configure access to the public network for users in LAN 21.12.2.0/24 using the Source NAT
function without the firewall. The public network address range for SNAT is 200.10.0.100-200.10.0.249.
 
Fig. 7.6—Network structure 
Solution: 
Begin by configuring the network interfaces and disabling the firewall on them:
esr(config)# interface gigabitethernet 1/0/1 
esr(config-if-gi)# ip address 21.12.2.1/24 
esr(config-if-gi)# ip firewall disable 
esr(config-if-gi)# exit 
 
esr(config)# interface tengigabitethernet 1/0/1 
esr(config-if-te)# ip address 200.10.0.99/24 
esr(config-if-te)# ip firewall disable 
esr(config-if-te)# exit 
 
To configure the SNAT function, create the 'LOCAL_NET' LAN address profile, which includes the addresses
that are allowed to access the public network, and the 'PUBLIC_POOL' public network address profile.
esr(config)# object-group network LOCAL_NET 
esr(config-object-group-network)# ip address-range 21.12.2.2-21.12.2.254 
esr(config-object-group-network)# exit 
 
esr(config)# object-group network PUBLIC_POOL 
esr(config-object-group-network)# ip address-range 200.10.0.100-200.10.0.249 
esr(config-object-group-network)# exit 
Configure the SNAT service.
The first step is to create the public network address pool for use with SNAT:
esr(config)# nat source 
esr(config-snat)# pool TRANSLATE_ADDRESS 
esr(config-snat-pool)# ip address-range 200.10.0.100-200.10.0.249  
esr(config-snat-pool)# exit 
The second step is to create the SNAT rule set. In the rule set attributes, specify that the rules apply only
to packets sent to the public network through the te1/0/1 port. The rule checks that the
source address of the data belongs to the 'LOCAL_NET' profile:
esr(config-snat)# ruleset SNAT 
esr(config-snat-ruleset)# to interface te1/0/1 
esr(config-snat-ruleset)# rule 1 
esr(config-snat-rule)# match source-address LOCAL_NET 
esr(config-snat-rule)# match destination-address any 
esr(config-snat-rule)# match protocol any 
esr(config-snat-rule)# action source-nat pool TRANSLATE_ADDRESS 
esr(config-snat-rule)# enable 
esr(config-snat-rule)# exit 
esr(config-snat-ruleset)# exit
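
The following Python check is an added example, not part of the manual. It parses the commands shown above (prompts stripped) and reports interfaces with the firewall disabled and any address range that falls outside its interface's subnet or includes the router's own address. The function names and the PAIRS mapping are assumptions made for illustration.

```python
import ipaddress
# Commands from this page with the CLI prompts stripped (constructed input).
CONFIG = """\
interface gigabitethernet 1/0/1
ip address 21.12.2.1/24
ip firewall disable
interface tengigabitethernet 1/0/1
ip address 200.10.0.99/24
ip firewall disable
object-group network LOCAL_NET
ip address-range 21.12.2.2-21.12.2.254
nat source
pool TRANSLATE_ADDRESS
ip address-range 200.10.0.100-200.10.0.249
"""

def parse(config):
    """Return ({interface: {addr, firewall}}, {range name: (first, last)})."""
    ifaces, ranges, ctx = {}, {}, (None, None)
    for words in (line.split() for line in config.splitlines() if line.strip()):
        if words[0] == "interface":
            ctx = ("if", " ".join(words[1:]))
            ifaces[ctx[1]] = {"addr": None, "firewall": True}
        elif words[0] in ("object-group", "pool"):
            ctx = ("range", words[-1])  # following address-range belongs to this name
        elif words[:2] == ["ip", "address"] and ctx[0] == "if":
            ifaces[ctx[1]]["addr"] = ipaddress.ip_interface(words[2])
        elif words == ["ip", "firewall", "disable"] and ctx[0] == "if":
            ifaces[ctx[1]]["firewall"] = False
        elif words[:2] == ["ip", "address-range"] and ctx[0] == "range":
            first, last = (ipaddress.ip_address(a) for a in words[2].split("-"))
            ranges[ctx[1]] = (first, last)
    return ifaces, ranges

def audit(ifaces, ranges, pairs):
    """pairs: (interface, range name) tuples whose range must fit the interface subnet."""
    findings = [f"{n}: firewall disabled" for n, c in ifaces.items() if not c["firewall"]]
    for if_name, rng_name in pairs:
        iface, (first, last) = ifaces[if_name]["addr"], ranges[rng_name]
        if first not in iface.network or last not in iface.network:
            findings.append(f"{rng_name}: outside {iface.network}")
        if first <= iface.ip <= last:
            findings.append(f"{rng_name}: contains router address {iface.ip}")
    return findings

# Assumed mapping: which range is expected to sit on which interface's subnet.
PAIRS = [("gigabitethernet 1/0/1", "LOCAL_NET"), ("tengigabitethernet 1/0/1", "TRANSLATE_ADDRESS")]

if __name__ == "__main__":
    print(audit(*parse(CONFIG), PAIRS))
```

For the configuration on this page the only findings are the two interfaces with the firewall disabled; both address ranges fit their subnets and exclude the router addresses 21.12.2.1 and 200.10.0.99.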