EasyManuals Logo

GE MDS ORBIT MCR User Manual

GE MDS ORBIT MCR
463 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #245 background imageLoading...
Page #245 background image
MDS 05-6632A01, Rev. F MDS Orbit MCR/ECR Technical Manual 245
Using the CLI
To perform the same procedure with the CLI, first change to configuration mode. The steps needed to
produce the same destination NAT rule set and apply it to the cell interface follow.
Enable firewall service, if it is not already enabled. 1.
% set services firewall enabled true
Create a static NAT rule set. The rule set name used below is Static_NAT_Network_A. 2.
% set services firewall nat static rule-set Static_NAT_Network_A
Create rule for translating the original “static-nat address” to the translated “match dst-address.” 3.
% set services firewall nat static rule-set Static_NAT_Network_A rule 1 match dst-address
10.10.1.0/24
% set services firewall nat static rule-set Static_NAT_Network_A rule 1 static-nat address
192.168.1.0/24
To apply the rule-set to an existing IPsec connection (here named IPSEC_CONN), use the
4.
following command.
% set services vpn ipsec connection IPSEC_CONN nat static Static_NAT_Network_A
Commit configuration and exit configuration mode. 5.
% commit
VPN 3.8.12
Understanding
Orbit supports following types of Virtual Private Network (VPN) setups:
1. Site-to-Site Policy-Based IPsec L3VPN This is enables routing of traffic to/from single local LAN of
Orbit from/to single remote LAN on the other side of the Remote IPsec router through an IPsec
tunnel. Only unicast IP traffic matching the local and remote subnets can be sent over this tunnel. If
more than a single pair of local or remote subnets need to exchange data then each pair requires its
own tunnel. This is called a policy based VPN since the traffic selector/policy i.e. the local and
remote IP subnets is included in the IPsec configuration.
Orbit
Remote IPsec
Gateway/Router
Local LAN
192.168.1.0/24
Remote LAN
10.1.1.0/24
Customer
Network/
Internet
Cellular
network
IPsec Tunnel
carrying traffic
between local
and remote
LANs
In this setup, there is single LAN behind Orbit and traffic from this LAN needs to
be routed towards a single remote LAN on the other side of the remote router
through an IPsec tunnel. If the remote LAN is configured as 0.0.0.0/0, then Orbit
will route traffic from local LAN to any other destination through this tunnel.

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the GE MDS ORBIT MCR and is the answer not in the manual?

GE MDS ORBIT MCR Specifications

General IconGeneral
BrandGE
ModelMDS ORBIT MCR
CategoryNetwork Router
LanguageEnglish

Related product manuals