[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]


Configuring NAT Policies and Services for Enterprise Manager Portal

The NAT policy groups and services provided in the sample data are designed to work with Enterprise Manager Portal and require little configuration. Table 32 shows the names of the policy groups and services associated with each type of NAT that the SRC software supports.




Table 32: NAT Services and Policies
Type of NAT
Name of Policy Group
Name of Service

Dynamic source NAT

dynsrcnat

DynSrcNat

Static destination NAT

staticdstnat

StaticDstNat

Static source NAT

staticsrcnat

StaticSrcNat

The services are located under l=entJunos, o=Scopes, o=umc in the sample data.

The policies are located under ou=entJunos, o=Policies, o=umc in the sample data.

For information about creating NAT policies, including prerequisites on the JUNOS routing platform, see SRC-PE Services and Policies Guide, Chapter 1, Managing Services with the SRC CLI or SRC-PE Services and Policies Guide, Chapter 2, Managing Services on a Solaris Platform.

Configuring the dynsrcnat Policy Group

You can modify the precedence settings in the policy rules for the dynsrcnat policy group. Use the following guidelines if you make changes to the precedence settings:

Reviewing the DynSrcNat Service

The DynSrcNat service is predefined in the sample data. Do not modify any settings or substitutions for this service.

Configuring the staticdstnat Policy Group

This policy group contains two policy rules:

The only setting you can modify for this policy group is the precedence setting for the SFWR policy rule. The value for this setting should be higher than the precedence of any other firewall exception. This distinction ensures that the SAE activates the artificial firewall rule first.

Configuring the StaticDstNat Service

You can modify the following substitutions for the StaticDstNat service; do not modify any other settings for this service.

Configuring the staticsrcnat Policy Group

This policy group contains two policy rules:

The only setting you can modify for this policy group is the precedence setting for the SFWR policy rule. The value for this setting should be higher than the precedence of any other firewall exception. This distinction ensures that the SAE activates the artificial firewall rule first.

Configuring the StaticSrcNat Service

You can modify the following substitutions for the StaticSrcNat service; do not modify any other settings or substitutions for this service.

The values for these parameters must be lower than the precedence settings for the policy rules in the dynsrcnat policy group. This distinction allows static source NAT rules to take priority over dynamic source NAT rules.


[Contents] [Prev] [Next] [Index] [Report an Error] [No Frames]