Common Configuration Tasks
Configuring a NAT Zone
To configure NAT, you must first:
CLI Syntax:
The following example displays the NAT zone configuration output.
A:ALU-B>config>router# info
----------------------------------------------
74
•
configure a NAT security profile and policy in the config>security context
→ in the config>security>profile context, specify the timeouts for the
tcp/udp/icmp protocols. This step is optional. If you do not configure the profile,
a default profile is assigned.
→ in the config>security>policy context, configure a NAT security
policy, and specify the match criteria and the action to be applied to a packet if a
match is found
•
then configure a NAT zone and apply the policy ID to the zone
config>router
abort
begin
commit
zone zone-id [create]
configure
router
zone 1 create
begin
name "GRT zone"
description "uplink zone to public"
nat
pool 1 create
description description-string
interface ip-int-name [create]
name zone-name
nat
pool pool-id [create]
description description-string
direction {zone-outbound | zone-
inbound | both}
entry entry-id [create]
ip-address ip-address [to ip-
port port [to port] interface
name pool-name
policy policy-id | policy-name
shutdown
7705 SAR OS Router Configuration Guide
address] interface ip-int-
name
ip-int-name