Ip Address-Based Destination Address Translation; Configuration Example - Zte ZXR10 8900 Series User Manual
10g routing switch
Hide thumbs
Also See for ZXR10 8900 Series:
- User manual (186 pages) ,
- Command manual (177 pages) ,
- Command reference manual (147 pages)
Table of Contents
Advertisement
orig_src sbunet1 dstarea area-vlan2 trans_src
enable yes
Notes:
System also translates source port address by default when trans-
lating source address.
IP Address-Based Destination
Address Translation Configuration
Example
Due to frequent Internet attacks to government and enterprise
networks, it is necessary to provide protection to the intranet crit-
ical device which provides access service to extranet. With desti-
nation address NAT, intranet addresses can be hidden.
Internet users need to access WEB server through FW. To hide
the actual address 172.16.1.2 of server in intranet, public network
address 202.99.27.201 is used as user access address. Network
topology diagram is shown in
F
5 IP A
IGURE
DDRESS
C
E
ONFIGURATION
XAMPLE
Configuration Points:
�
Defining area resource: area_vlan2.
�
Defining address resource corresponding to actual address of
WEB server.
�
Defining public network virtual IP address resource of WEB
server.
�
Defining NAT policy.
1. To set area_vlan2 and define default attribute to permit to ac-
cess, execute the following command:
ZXR10_FW #define area add name area_vlan2 access
on attribute interface vlan2
To set area_vlan1 and define default attribute to deny access-
ing, execute the following command:
ZXR10_FW #define area add name area_vlan1
access off attribute interface vlan1
Confidential and Proprietary Information of ZTE CORPORATION
Figure
5.
-B
D
A
ASED
ESTINATION
Chapter 6 NAT Configuration
nat-pool
T
DDRESS
RANSLATION
97
Advertisement
Table of Contents
