EasyManuals Logo

ELTEX ESR-3100 User Manual

Default Icon
650 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #580 background imageLoading...
Page #580 background image
ESR series service routers.ESR-Series. User manual
580
To transfer traffic from 'TRUST' zone into 'UNTRUST' zone, create a pair of zones and add rules allowing traffic
transfer in this direction. Additionally, there is a check in place to ensure that data source address belongs to
'LOCAL_NET' address range in order to limit the access to public network. Rules are applied with the enable
command.
esr(config)# security zone-pair TRUST UNTRUST
esr(config-zone-pair)# rule 1
esr(config-zone-pair-rule)# match source-address LOCAL_NET
esr(config-zone-pair-rule)# action permit
esr(config-zone-pair-rule)# enable
esr(config-zone-pair-rule)# exit
esr(config-zone-pair)# exit
Configure SNAT service. First step is to create public network address pool for use with SNAT.
esr(config)# nat sourсe
esr(config-snat)# pool TRANSLATE_ADDRESS
esr(config-snat-pool)# ip address-range 100.0.0.100-100.0.0.249
esr(config-snat-pool)# exit
Second step is to create SNAT rule set. In the set attributes, specify that the rules are applying only to packets
transferred to public network–into the 'UNTRUST' zone. Rules include a check which ensures that data source
address belongs to 'LOCAL_NET' pool.
esr(config-snat)# ruleset SNAT
esr(config-snat-ruleset)# to zone UNTRUST
esr(config-snat-ruleset)# rule 1
esr(config-snat-rule)# match source-address LOCAL_NET
esr(config-snat-rule)# action source-nat pool TRANSLATE_ADDRESS
esr(config-snat-rule)# enable
esr(config-snat-rule)# exit
esr(config-snat-ruleset)# exit
In order the router could response to the ARP requests for addresses from the public pool, you should launch
ARP Proxy service. ARP Proxy service is configured on the interface that IP address from 'PUBLIC_POOL'
public network address profile subnet belongs to.
esr(config)# interface tengigabitethernet 1/0/1
esr(config-if-te)# ip nat proxy-arp PUBLIC_POOL
To enable public network access for LAN devices, they should be configured for routing–10.1.2.1 should be
defined as a gateway address.
On the router, create the route for public network. Specify this route as a default using the following command.
esr(config)# ip route 0.0.0.0/0 100.0.0.1
esr(config)# exit

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the ELTEX ESR-3100 and is the answer not in the manual?

ELTEX ESR-3100 Specifications

General IconGeneral
BrandELTEX
ModelESR-3100
CategoryNetwork Router
LanguageEnglish

Related product manuals