История страницы

ESR-1(config)# object-group network LAN
ESR-1(config-object-group-network)# ip prefix 192.0.2.0/24
ESR-1(config-object-group-network)# exit
ESR-1(config)# object-group network IPSEC
ESR-1(config-object-group-network)# ip prefix 128.66.1.0/24
ESR-1(config-object-group-network)# exit
ESR-1(config)# security zone-pair LAN WAN
ESR-1(config-security-zone-pair)# rule 1
ESR-1(config-security-zone-pair-rule)# match source-address object-group network LAN 
ESR-1(config-security-zone-pair-rule)# match destination-address object-group network IPSEC 
ESR-1(config-security-zone-pair-rule)# action permit 
ESR-1(config-security-zone-pair-rule)# enable 
ESR-1(config-security-zone-pair-rule)# exit
ESR-1(config-security-zone-pair)# exit
ESR-1(config)# security zone-pair WAN LAN 
ESR-1(config-security-zone-pair)# rule 1
ESR-1(config-security-zone-pair-rule)# match source-address object-group network IPSEC 
ESR-1(config-security-zone-pair-rule)# match destination-address object-group network LAN 
ESR-1(config-security-zone-pair-rule)# action permit 
ESR-1(config-security-zone-pair-rule)# enable 
ESR-1(config-security-zone-pair-rule)# exit
ESR-1(config-security-zone-pair)# exit

ESR-1(config)# security zone-pair SYNC self 
ESR-1(config-security-zone-pair)# rule 4
ESR-1(config-security-zone-pair-rule)# action permit 
ESR-1(config-security-zone-pair-rule)# match protocol udp 
ESR-1(config-security-zone-pair-rule)# match destination-port object-group FAILOVER 
ESR-1(config-security-zone-pair-rule)# enable 
ESR-1(config-security-zone-pair-rule)# exit
ESR-1(config-security-zone-pair)# exit

ESR-1(config-snat)# ruleset SNAT
ESR-1(config-snat-ruleset)# to zone WAN 
ESR-1(config-snat-ruleset)# rule 1
ESR-1(config-snat-rule)# match source-address object-group network INTERNET_USERS
ESR-1(config-snat-rule)# action source-nat pool TRANSLATE_ADDRESS
ESR-1(config-snat-rule)# enable 
ESR-1(config-snat-rule)# exit
ESR-1(config-snat-ruleset)# exit
ESR-1(config-snat)# exit