16.2.1 Configuration algorithm
| Step | Description | Command | Keys |
|---|---|---|---|
| 1 | Switch to the configuration mode of the destination address translation service. | `esr(config)# nat destination` | |
| 2 | Create a pool of IP addresses and/or TCP/UDP ports with a specific name (optional). | `esr(config-dnat)# pool <NAME>` | `<NAME>` – NAT address pool name, a string of up to 31 characters. |
| 3 | Set the internal IP address that will replace the destination IP address. | `esr(config-dnat-pool)# ip address <ADDR>` | `<ADDR>` – IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255]. |
| 4 | Set the internal TCP/UDP port that will replace the destination TCP/UDP port. | `esr(config-dnat-pool)# ip port <PORT>` | `<PORT>` – TCP/UDP port, takes values of [1..65535]. |
| 5 | Create a rule group with a specific name. | `esr(config-dnat)# ruleset <NAME>` | `<NAME>` – rule group name, a string of up to 31 characters. |
| 6 | Specify the VRF instance in which the given rule group will operate (optional). | `esr(config-dnat-ruleset)# ip vrf forwarding <VRF>` | `<VRF>` – VRF name, a string of up to 31 characters. |
| 7 | Set the rule group scope. The rules will be applied only to traffic coming from a certain zone or interface. | `esr(config-dnat-ruleset)# from { zone <NAME> \| interface <IF> \| tunnel <TUN> \| default }` | `<NAME>` – isolation zone name; `<IF>` – device interface name; `<TUN>` – device tunnel name; `default` – denotes a group of rules for all traffic whose source did not fall under the criteria of other rule groups. |
| 8 | Specify a rule with a certain number. The rules are processed in ascending order. | `esr(config-dnat-ruleset)# rule <ORDER>` | `<ORDER>` – rule number, takes values of [1..10000]. |
| 9 | Specify the IP address profile (sender or recipient) to which the rule should apply. | `esr(config-dnat-rule)# match [not] {source\|destination}-address <OBJ-GROUP-NETWORK-NAME>` | `<OBJ-GROUP-NETWORK-NAME>` – IP address profile name, a string of up to 31 characters. The value “any” denotes any source IP address. |
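
The following is an added example, not part of the manual: a Python pre-check that validates values against the limits in the table and then renders the CLI lines for steps 1–9, which is useful when the configuration is templated from inventory data. The function names, the character whitelist for names, the `exit` lines and the restriction to `from zone` are assumptions of this example; it covers only the steps shown in this table.

```python
import ipaddress
import re

# Assumption (not from the manual): besides the 31-character limit, names are
# restricted to a conservative character set so that a templated value cannot
# carry whitespace or a newline and smuggle in an extra CLI line.
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,31}")

def check_name(value):
    if not isinstance(value, str) or not NAME_RE.fullmatch(value):
        raise ValueError(f"invalid name: {value!r}")
    return value

def check_range(value, low, high, what):
    if type(value) is not int or not low <= value <= high:
        raise ValueError(f"{what} must be in [{low}..{high}]: {value!r}")
    return value

def check_ipv4(value):
    if not isinstance(value, str):
        raise ValueError(f"invalid IPv4 address: {value!r}")
    return str(ipaddress.IPv4Address(value))  # raises ValueError if malformed

def render_dnat(pool, addr, port, ruleset, zone, rules, vrf=None):
    """Return the CLI lines for steps 1-9 of the table.

    rules maps <ORDER> -> (negate, "source" | "destination", object_group).
    """
    lines = ["nat destination",
             f"pool {check_name(pool)}",
             f"ip address {check_ipv4(addr)}",
             f"ip port {check_range(port, 1, 65535, 'port')}",
             "exit",  # leave the pool context (assumed, not in the table)
             f"ruleset {check_name(ruleset)}"]
    if vrf is not None:
        lines.append(f"ip vrf forwarding {check_name(vrf)}")
    lines.append(f"from zone {check_name(zone)}")
    # Emit rules in ascending order, the order in which they are processed.
    for order in sorted(check_range(o, 1, 10000, "rule") for o in rules):
        negate, side, group = rules[order]
        if side not in ("source", "destination"):
            raise ValueError(f"invalid match side: {side!r}")
        lines.append(f"rule {order}")
        lines.append(f"match {'not ' if negate else ''}{side}-address {check_name(group)}")
        lines.append("exit")  # leave the rule context (assumed)
    return lines

if __name__ == "__main__":
    # Constructed sample values, not taken from the manual.
    rules = {20: (True, "source", "BLOCKED"), 10: (False, "destination", "NET_UPLINK")}
    print("\n".join(render_dnat("SERVER_POOL", "10.1.1.100", 80, "DNAT", "UNTRUST", rules)))
```

Any value that fails a check raises `ValueError` before a single line is returned, so a partially rendered configuration never reaches the device.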