Solution:
Begin configuration with creation of security zones, configuration of network interfaces and their inherence to
security zones. Create 'TRUST' zone for LAN and 'UNTRUST' zone for public network.
esr# configure
esr(config)# security zone UNTRUST
esr(config-zone)# exit
esr(config)# security zone TRUST
esr(config-zone)# exit
esr(config)# interface gigabitethernet 1/0/1
esr(config-if-gi)# ip address 10.1.2.1/24
esr(config-if-gi)# security-zone TRUST
esr(config-if-gi)# exit
esr(config)# interface tengigabitethernet 1/0/1
esr(config-if-te)# ip address 100.0.0.99/24
esr(config-if-te)# security-zone UNTRUST
esr(config-if-te)# exit
For SNAT function configuration and definition of rules for security zones, create 'LOCAL_NET' LAN address
profile that includes addresses which are allowed to access the public network and 'PUBLIC_POOL' public
network address profile.
esr(config)# object-group network LOCAL_NET
esr(config-object-group-network)# ip address-range 10.1.2.2-10.1.2.254
esr(config-object-group-network)# exit
esr(config)# object-group network PUBLIC_POOL
esr(config-object-group-network)# ip address-range 100.0.0.100-100.0.0.249
esr(config-object-group-network)# exit
To Next Page
Loading...
