beautypg.com

All-to-one ip translation – Amer Networks E5Web GUI User Manual

Page 512

background image

The SAT IP rule to perform the translation would be:

# Action

Src Iface

Src Net

Dest Iface Dest Net

Service

SAT Action

1 SAT

any

all-nets

wan

194.1.2.16-
194.1.2.20,
194.1.2.30

http

Destination IP: 192.168.0.50 All-to-One

This IP rule has the property All to One enabled. This will give an all-to-one translation of all
addresses in the range specified to the single IPv4 address 192.168.0.50. Some examples of this
translation are:

Attempts to communicate with IPv4 address 194.1.2.16, will result in a connection to
192.168.0.50.

Attempts to communicate with IPv4 address 194.1.2.30, will result in a connection to
192.168.0.50.

Note: An untranslated network of all-nets is always all-to-one

When all-nets is specified as the original, untranslated address in a SAT rule, cOS Core
will assume that the All-to-One property is enabled even though the administrator does
not enable it explicitly.

Example 7.6. All-to-One IP Translation

This example is similar to the previous many-to-many example but this time a SAT IP rule will
translate from five public IPv4 addresses to a single web server located in a DMZ.

The Clavister Security Gateway is connected to the Internet via the wan interface and the public
IPv4 addresses have the range of 195.55.66.77 to 195.55.66.81. The server has the private IPv4
address 10.10.10.5 and is on the network connected to the dmz interface.

The following steps need to be performed:

Define an address object containing all the public IPv4 addresses with the name
wwwsrv_pub.

Define another address object set to be the IPv4 address 10.10.10.5 of the web server with the
name wwwsrv_priv.

Publish the public IPv4 addresses on the wan interface using the ARP publish feature.

Create a SAT rule that will perform the translation.

Create an Allow rule that will permit the incoming HTTP flows.

Command-Line Interface

Create an address object for the public IPv4 addresses:

Device:/> add Address IPAddress wwwsrv_pub

Address=195.55.66.77-195.55.66.81

Now, create another object for the base of the web server IP addresses:

Chapter 7: Address Translation

512

This manual is related to the following products:
See also other documents in the category Amer Networks Computer Accessories: