ESR series service routers. ESR-Series. User manual
Step 15
Description: Enable application layer session tracking for FTP, SIP, H323, netbios-ns, PPTP protocols (optional).
Command: esr(config)# ip firewall sessions tracking {<PROTOCOL> | sip [ port <OBJECT-GROUP-SERVICE> ] | all}
Keys:
all – enables application layer session tracking for all available protocols;
<PROTOCOL> – application layer protocol whose sessions need to be monitored, takes values of [ftp, h323, pptp, netbios-ns];
<OBJECT-GROUP-SERVICE> – profile name of the TCP/UDP ports of the sip session, specified as a string of up to 31 characters. If the group is not specified, then sip sessions will be monitored for port 5060.

Step 16
Description: Enable IP address translation in application level headers (optional).
Command: esr(config)# nat alg {<PROTOCOL> | all}
Keys:
all – enables IP address translation in headers of all available protocols;
<PROTOCOL> – application layer protocol in whose headers address translation should work, takes values of [ftp, h323, pptp, netbios-ns].
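
What steps 15 and 16 accomplish for FTP, shown as an added Python model (not code from this manual and not the router's implementation): the address embedded in a control-channel line is rewritten, and the related data session is derived so it can be permitted. The function names, the unchanged port number and the sample reply are assumptions; 10.1.1.100 and 1.2.3.4 are used only as sample inside and outside addresses.

```python
import re

# h1,h2,h3,h4,p1,p2 tuple carried by the PORT command and the 227 reply (RFC 959).
_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_endpoint(line):
    """Return (ip, port) announced in a PORT command or 227 reply, else None."""
    if not line.startswith(("PORT ", "227 ")):
        return None
    m = _TUPLE.search(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed tuple: pass the line through untouched
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def alg_translate(line, inside_ip, outside_ip):
    """Model one control-channel line crossing the NAT from inside to outside.

    Returns (line_to_forward, expectation). The expectation describes the
    related data session to permit, or is None when nothing should be opened.
    Assumption: the port number is kept unchanged by the translation.
    """
    endpoint = parse_endpoint(line)
    if endpoint is None or endpoint[0] != inside_ip:
        # No endpoint, or an address that is not the translated host:
        # forward as-is and open nothing.
        return line, None
    port = endpoint[1]
    octets = outside_ip.split(".")
    new_tuple = ",".join(octets + [str(port // 256), str(port % 256)])
    rewritten = _TUPLE.sub(new_tuple, line, count=1)
    return rewritten, {"outside": (outside_ip, port), "inside": (inside_ip, port)}


# Constructed sample: passive-mode reply from the LAN server.
SAMPLE = "227 Entering Passive Mode (10,1,1,100,195,80)\r\n"

if __name__ == "__main__":
    print(alg_translate(SAMPLE, "10.1.1.100", "1.2.3.4"))
```

This kind of rewriting depends on a cleartext control channel; when FTP runs over TLS the tuple is not visible to a device in the path.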
16.2.2 Destination NAT configuration example
Objective:
Establish access from the public network, which belongs to the 'UNTRUST' zone, to a LAN server in the 'TRUST' zone.
Server address in LAN – 10.1.1.100. The server should be accessible from outside the network at address 1.2.3.4, access port 80.
When the 'not' key is used, the rule applies to values that are not included in the specified profile.
Each 'match' command may contain the 'not' key. When the key is used, packets that do not meet the given requirement fall under the rule.
For more information about router configuration, see the 'CLI command reference guide'.