ESR series service routers.ESR-Series. User manual
Step Description Command Keys
9 Set the rule group scope. The rules
will be applied only to traffic coming
to a certain zone or interface.
esr(config-snat-ruleset)# to
{ zone <NAME> |
interface <IF> tunnel <TUN> | |
default }
<NAME> – isolation zone name;
<IF> – device interface name;
<TUN> – device tunnel name
default – denotes a group of rules
for all traffic, the source of which did
not fall under the criteria of other
groups of rules.
10 Specify a rule with a certain number.
The rules are proceeded in
ascending order.
esr(config-snat-ruleset)# rule
<ORDER>
<ORDER> – rule number, takes
values of [1..10000].
11 Specify the profile of IP addresses
{sender | recipient} for which the rule
should work.
esr(config-snat-rule)# match
[not]
{source|destination}-address
<OBJ-GROUP-NETWORK-
NAME>
<OBJ-GROUP-NETWORK-NAME> –
IP addresses profile name, set by the
string of up to 31 characters.
'Any' value points at any source IP
address.
12 Specify the profile of IP addresses
{sender| recipient} for which the rule
should work (optional).
esr(config-snat-rule)# match
[not]
{source | destination}-port
<PORT-SET-NAME>
<PORT-SET-NAME> – port profile
name, set by the string of up to 31
characters. 'Any' value points at any
source TCP/UDP port.
13 Set name or number of IP for which
the rule should work (optional).
esr(config-snat-rule)# match
[not]
{protocol|protocol-id} <TYPE>
<TYPE> – protocol type, takes the
following values: esp, icmp, ah, eigrp,
ospf, igmp, ipip, tcp, pim, udp, vrrp,
rdp, l2tp, gre. 'Any' value points at
any protocol type.
<ID> – IP identification number,
takes values of [0x00-0xFF].
14 Specify the type and code of ICMP
messages for which the rule should
work (optional).
esr(config-snat-rule)# match
[not]
icmp
{<ICMP_TYPE><ICMP_CODE> |
<TYPE-NAME>}
<ICMP_TYPE> – ICMP message
type, takes values of [0..255].
<ICMP_CODE> – ICMP message
code, takes values of [0..255]. 'Any'
value points at any message code.
<TYPE-NAME> – ICMP message
type name
To Next Page
Loading...