ESR Series Routers Operation Manual
For the router to respond to ARP requests for addresses from the public pool, you
should enable the ARP Proxy service. ARP Proxy is configured on the interface whose IP address
belongs to the subnet of the 'PUBLIC_POOL' public network address profile:
esr(config)# interface tengigabitethernet 1/0/1
esr(config-if-te)# ip nat proxy-arp PUBLIC_POOL
To enable public network access for LAN devices, configure routing on them: 21.12.2.1
should be defined as the gateway address.
On the router, you should create the route to the public network. Define this route as the default
route using the following command:
esr(config)# ip route 0.0.0.0/0 200.10.0.99
esr(config)# exit
Configuration changes will take effect when the commit command is executed:
esr# commit
Configuration has been successfully committed
esr# confirm
Configuration has been successfully confirmed
7.8 Firewall configuration
A firewall is a set of hardware or software tools that controls and filters
transmitted network packets in accordance with the defined rules.
Objective:
Enable message exchange via ICMP between PC1, PC2 and the ESR router.
Fig. 7.7. Network structure
Solution:
Create a security zone for each ESR network:
esr# configure
esr(config)# security zone LAN
esr(config-zone)# exit
esr(config)# security zone WAN
esr(config-zone)# exit
Configure the network interfaces and assign them to security zones:
esr(config)# interface gi1/0/2
esr(config-if-gi)# ip address 192.168.12.2/24
esr(config-if-gi)# security-zone LAN
esr(config-if-gi)# exit
esr(config)# interface gi1/0/3
esr(config-if-gi)# ip address 192.168.23.2/24
esr(config-if-gi)# security-zone WAN
esr(config-if-gi)# exit
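The following Python check is an added example, not part of the manual or the ESR software. It parses a list of the commands used in this section (with or without the CLI prompt) and reports interfaces that have an IP address but no security zone, or that reference a zone that was never created. The interfaces gi1/0/4 and gi1/0/5 and the zone name WAM are constructed sample data.

```python
import re

# Constructed sample: this section's commands plus two hypothetical interfaces,
# gi1/0/4 (no zone) and gi1/0/5 (zone name mistyped as WAM).
SAMPLE_CONFIG = """\
security zone LAN
exit
security zone WAN
exit
interface gi1/0/2
ip address 192.168.12.2/24
security-zone LAN
exit
interface gi1/0/3
ip address 192.168.23.2/24
security-zone WAN
exit
interface gi1/0/4
ip address 192.168.34.2/24
exit
interface gi1/0/5
ip address 192.168.45.2/24
security-zone WAM
exit
"""

def audit_zones(config_text):
    """Return findings for interfaces with a missing or undeclared zone."""
    zones, interfaces, current = set(), {}, None
    for raw in config_text.splitlines():
        # Drop a leading CLI prompt such as "esr(config-if-gi)#" if present.
        line = re.sub(r"^\S*#\s*", "", raw.strip())
        if m := re.fullmatch(r"security zone (\S+)", line):
            zones.add(m.group(1))
        elif m := re.fullmatch(r"interface (.+)", line):
            current = interfaces.setdefault(m.group(1), {"ip": None, "zone": None})
        elif line == "exit":
            current = None
        elif current is not None and (m := re.fullmatch(r"(ip address|security-zone) (\S+)", line)):
            current["ip" if m.group(1) == "ip address" else "zone"] = m.group(2)
    findings = []
    for name, cfg in interfaces.items():
        if cfg["ip"] and cfg["zone"] is None:
            findings.append((name, "no security zone assigned"))
        elif cfg["zone"] is not None and cfg["zone"] not in zones:
            findings.append((name, f"zone {cfg['zone']} is not declared"))
    return findings

for name, problem in audit_zones(SAMPLE_CONFIG):
    print(f"{name}: {problem}")
```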