Allied Telesis AT-AR300 manual Standard NAT

Release Note

Figure 5: Using enhanced NAT in an IPsec tunnel with different IPsec and default gateways.

[Diagram not reproduced. Labels: LAN 1; LAN 2; 192.168.2.0 subnet; 192.168.1.1 - 192.168.1.100; Firewall; Internet; NAT; Default gateway; IPsec tunnel; Private interface: 192.168.2.100; IPsec gateway; 192.168.1.53; Apparent source host; FW-FG1]

Standard NAT

To translate the source address of traffic received on the private interface eth0 and destined for addresses in the range 210.25.4.1-210.25.4.99 to the global subnet 210.25.4.0, use the command:

ADD FIREWALL POLICY=zone1 RULE=10 ACTION=NAT NATTYPE=STANDARD
    INT=eth0 PROTOCOL=all GBLIP=210.25.4.0
    NATMASK=255.255.255.0 REMOTEIP=210.25.4.1-210.25.4.99

To provide a corresponding rule on the public interface eth1 to translate to the private subnet 10.1.2.0, use the command:

ADD FIREWALL POLICY=zone1 RULE=11 ACTION=NAT NATTYPE=STANDARD
    INT=eth1 PROTOCOL=all GBLIP=210.25.4.0 IP=10.1.2.0
    NATMASK=255.255.255.0 REMOTEIP=210.25.4.1-210.25.4.99
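
The two Standard NAT rules above, modelled in Python as an added example (not code from the Allied Telesis manual): it parses each command's KEY=value parameters and applies the subnet translation so a rule set can be checked offline before it is entered on the router. It assumes NATMASK swaps the network bits and keeps the host bits, and that REMOTEIP matches the destination on the private interface and the source on the public one; the host 10.1.2.37 used to exercise it is a constructed sample.

```python
import ipaddress

# Rule text copied from the two Standard NAT commands on this page.
RULE_10 = ("ADD FIREWALL POLICY=zone1 RULE=10 ACTION=NAT NATTYPE=STANDARD "
           "INT=eth0 PROTOCOL=all GBLIP=210.25.4.0 "
           "NATMASK=255.255.255.0 REMOTEIP=210.25.4.1-210.25.4.99")
RULE_11 = ("ADD FIREWALL POLICY=zone1 RULE=11 ACTION=NAT NATTYPE=STANDARD "
           "INT=eth1 PROTOCOL=all GBLIP=210.25.4.0 IP=10.1.2.0 "
           "NATMASK=255.255.255.0 REMOTEIP=210.25.4.1-210.25.4.99")
PRIVATE_INTERFACES = {"eth0"}  # per the text: eth0 is private, eth1 is public

def parse_rule(command):
    """Split an ADD FIREWALL POLICY command into an upper-cased KEY -> value dict."""
    words = command.split()
    if [w.upper() for w in words[:2]] != ["ADD", "FIREWALL"]:
        raise ValueError("not an ADD FIREWALL command")
    pairs = [w.partition("=") for w in words[2:]]
    if any(sep != "=" or not value for _, sep, value in pairs):
        raise ValueError("expected KEY=value parameters")
    return {key.upper(): value for key, _, value in pairs}

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def in_range(addr, spec):
    """True if addr is inside an 'a-b' range (or equals a single address)."""
    low, _, high = spec.partition("-")
    return _ip(low) <= _ip(addr) <= _ip(high or low)

def map_subnet(addr, base, mask):
    """Assumed NATMASK behaviour: network bits from base, host bits from addr."""
    m = _ip(mask)
    return str(ipaddress.IPv4Address((_ip(base) & m) | (_ip(addr) & ~m & 0xFFFFFFFF)))

def translate(command, src, dst):
    """Return (src, dst) after the rule; unchanged if the packet does not match."""
    r = parse_rule(command)
    if r.get("NATTYPE", "").upper() != "STANDARD":
        raise ValueError("only NATTYPE=STANDARD is modelled here")
    mask, m = r["NATMASK"], _ip(r["NATMASK"])
    if r["INT"] in PRIVATE_INTERFACES:      # private side: rewrite the source
        if in_range(dst, r["REMOTEIP"]):
            return map_subnet(src, r["GBLIP"], mask), dst
    elif in_range(src, r["REMOTEIP"]) and (_ip(dst) & m) == (_ip(r["GBLIP"]) & m):
        return src, map_subnet(dst, r["IP"], mask)  # public side: rewrite the destination
    return src, dst
```

Traffic whose remote address falls outside REMOTEIP comes back unchanged, which is a quick way to confirm a rule's scope is no wider than intended.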

Double NAT

To translate both the source and destination addresses of traffic received on the private interface with a source address of 192.168.0.74 to a destination address of 210.25.7.1 and new source address of 210.25.4.1, use the command:

ADD FIREWALL POLICY=zone1 RULE=50 ACTION=NAT NATTYPE=DOUBLE
    INT=eth1 PROTOCOL=all IP=192.168.0.74 GBLIP=210.25.4.1
    GBLREMOTEIP=210.25.7.1

Software Release 2.3.1 C613-10325-00 REV B
