Step Description Command Keys
9 Set the rule group scope. The rules will
be applied only to traffic coming to a
certain zone or interface.
esr(config-snat-ruleset)# to { zone
<NAME> |
interface <IF> tunnel <TUN> | |
default }
<NAME> – isolation zone
name;
<IF> – device interface name;
<TUN> – device tunnel name
default – denotes a group of
rules for all traffic, the source
of which did not fall under the
criteria of other groups of rules.
10 Specify a rule with a certain number.
The rules are proceeded in ascending
order.
esr(config-snat-ruleset)# rule
<ORDER>
<ORDER> – rule number, takes
values of [1..10000].
11 Specify the profile of IP addresses
{sender | recipient} for which the rule
should work.
esr(config-snat-rule)# match [not]
{source|destination}-address
<OBJ-GROUP-NETWORK-NAME>
<OBJ-GROUP-NETWORK-
NAME> – IP addresses profile
name, set by the string of up to
31 characters.
“Any” value points at any
source IP address.
12 Specify the profile of IP addresses
{sender| recipient} for which the rule
should work (optionally).
esr(config-snat-rule)# match [not]
{source | destination}-port <PORT-
SET-NAME>
<PORT-SET-NAME> – port
profile name, set by the string
of up to 31 characters. “Any”
value points at any source
TCP/UDP port.
13 Set name or number of IP for which the
rule should work (optional).
esr(config-snat-rule)# match [not]
{protocol|protocol-id} <TYPE>
<TYPE> – protocol type, takes
the following values: esp, icmp,
ah, eigrp, ospf, igmp, ipip, tcp,
pim, udp, vrrp, rdp, l2tp, gre.
“Any” value points at any
protocol type.
<ID> – IP identification number,
takes values of [0x00-0xFF].
14 Specify the type and code of ICMP
messages for which the rule should
work (optionally).
esr(config-snat-rule)# match [not]
icmp {<ICMP_TYPE><ICMP_CODE>
| <TYPE-NAME>}
<ICMP_TYPE> – ICMP
message type, takes values of
[0..255].
<ICMP_CODE> – ICMP
message code, takes values of
[0..255]. “Any” value points at
any message code.
<TYPE-NAME> – ICMP
message type name
To Next Page
Loading...
Need help?
General
