EasyManuals Logo

ELTEX ESR-3100 User Manual

Default Icon
650 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #574 background imageLoading...
Page #574 background image
ESR series service routers.ESR-Series. User manual
574
Solution:
Create 'UNTRUST' and 'TRUST' security zones. Specify the inherence of the network interfaces being used to
zones. Assign IP addresses to interfaces simultaneously.
esr# configure
esr(config)# security zone UNTRUST
esr(config-zone)# exit
esr(config)# security zone TRUST
esr(config-zone)# exit
esr(config)# interface gigabitethernet 1/0/1
esr(config-if-gi)# security-zone TRUST
esr(config-if-gi)# ip address 10.1.1.1/25
esr(config-if-gi)# exit
esr(config)# interface tengigabitethernet 1/0/1
esr(config-if-te)# ip address 1.2.3.4/29
esr(config-if-te)# security-zone UNTRUST
esr(config-if-te)# exit
Create IP address and port profiles required for configuration of the Firewall and DNAT rules.
NET_UPLINK – public network address profile;
SERVER_IP – local area network address profile;
SRV_HTTP – port profile.
esr(config)# object-group network NET_UPLINK
esr(config-object-group-network)# ip address 1.2.3.4
esr(config-object-group-network)# exit
esr(config)# object-group service SRV_HTTP
esr(config-object-group-service)# port 80
esr(config-object-group-service)# exit
esr(config)# object-group network SERVER_IP
esr(config-object-group-network)# ip address 10.1.1.100
esr(config-object-group-network)# exit
Proceed to DNAT configuration mode and create destination address and port pool that will be used for
translation of packet addresses coming to address 1.2.3.4 from the external network.
esr(config)# nat destination
esr(config-dnat)# pool SERVER_POOL
esr(config-dnat-pool)# ip address 10.1.1.100
esr(config-dnat-pool)# ip port 80
esr(config-dnat-pool)# exit
Create 'DNAT' rule set which will be used for address translation. In the set attributes, specify that the rules are
applying only to packets coming from the 'UNTRUST' zone. Rule set includes data matching requirements for
destination address and port (match destination-address, match destination-port) and for the protocol. Also,
the set includes an action that applies to the data that satisfy all of the rules (action destination-nat). The rule
set is applied with 'enable' command.

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the ELTEX ESR-3100 and is the answer not in the manual?

ELTEX ESR-3100 Specifications

General IconGeneral
BrandELTEX
ModelESR-3100
CategoryNetwork Router
LanguageEnglish

Related product manuals