[rbak-nsp] NATting not working on my SmartEdge router
Sebastian Podjasek
sebastian at podjasek.pl
Wed Jul 31 07:46:57 EDT 2013
W dniu 30.07.2013 13:26, Mosab Messad pisze:
> Dears ,
> Kindly your support i am not able to have the NAT working on my SE
> router, the configuration as below kindly advice ASAP please.
> --------------------
>
> context internet
> !
> no ip domain-lookup
> !
> ip nat pool NAT_pool napt multibind
> address 66.150.66.131/32 <http://66.150.66.131/32> port-block 1 to 15
> !
> nat policy NAT_policy
> pool NAT_pool internet
> timeout tcp 18000
> endpoint-independent filtering udp
Start with changing your nat pool address to something not bound to any
interface, later try to change your config to something similar:
!
ip nat pool nat-pool1 napt multibind
address X.X.X.X/32 port-block 1 to 15
!
nat policy nat-policy1
! Default class
ignore
endpoint-independent filtering udp
icmp-notification
! Named classes
access-group nat-acl
class nat-class
pool nat-pool1 <<context>>
timeout tcp 18000
timeout udp 60
timeout fin-reset 60
timeout icmp 30
timeout syn 60
admission-control tcp
admission-control udp
admission-control icmp
endpoint-independent filtering udp
no icmp-notification
!
policy access-list nat-acl
! no nat for local transfers
seq 1000 permit icmp 10.180.0.0 0.0.255.255 10.180.0.0 0.0.255.255 class lan-class
seq 1001 permit udp 10.180.0.0 0.0.255.255 10.180.0.0 0.0.255.255 class lan-class
seq 1002 permit tcp 10.180.0.0 0.0.255.255 10.180.0.0 0.0.255.255 class lan-class
! nat everyting else
seq 2100 permit icmp 10.180.0.0 0.0.255.255 any class nat-class
seq 2200 permit udp 10.180.0.0 0.0.255.255 any class nat-class
seq 2300 permit tcp 10.180.0.0 0.0.255.255 any class nat-class
--
Sebastian Podjasek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/redback-nsp/attachments/20130731/ed72fdc8/attachment.html>
More information about the redback-nsp
mailing list