guolch 2007-12-22 01:28
Things to note when configuring policy-based NAT!
Policy-based NAT setting notes
NAT Off =
Route Mode

NAT On, DIP Off =
This is the PAT we've always done in NAT Mode.

NAT On, DIP Off, Fix Port =
Translates internal IPs to the IP of the interface, but doesn't translate the port.
If a duplicate port is used by a source, they are not allowed to be translated
because the port is already used for a mapping.

NAT On, DIP On,
DIP: Fix Port On (It's like allocating a number of MIPs to use)
A DIP is an address range (let's not call it a pool, for that is used for L2TP).
If you have an address range containing 5 DIPs,
only 5 hosts can be translated. Any new request is dropped. Ports are not
translated for any address in the range. (This is classic NAT pools.)

NAT On, DIP On,
DIP: Fix Port Off
If you have an address range containing 5 DIPs, the NetScreen will use
round robin to select a DIP for each address that needs to be translated.
PAT is used for each address in the range.

Some other advantages: each policy can use its own DIP with Fix Port off.
So if you set up your policies by departments, sales gets their own PAT address,
marketing gets their own PAT address, tech support, etc. Now downstream, if there is a problem, you at least know what department the IP came from.
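Added example (not part of the original post and not ScreenOS code): a small Python model of the four source-NAT behaviours described in the post above, plus the per-department lookup mentioned at the end. The names `SourceNat` and `source_department`, the PAT start port 1024 and the 192.0.2.x / 10.0.0.x addresses are assumptions constructed for illustration.

```python
from itertools import count


class SourceNat:
    """Toy model of one policy's source NAT as the post describes it."""

    def __init__(self, pool, dip, fix_port):
        self.pool = list(pool)        # interface IP alone, or the DIP address range
        self.dip = dip                # True when the policy uses a DIP range
        self.fix_port = fix_port      # True: keep the source port, False: PAT
        self.host_ip = {}             # internal host -> translated address
        self.port_owner = {}          # (translated ip, port) -> internal host
        self.next_port = count(1024)  # assumed start of the PAT port range

    def translate(self, src_ip, src_port):
        """Return the translated (ip, port), or None when the session is dropped."""
        if self.fix_port and self.dip:
            # One address per host, ports untouched; range exhausted => drop.
            if src_ip not in self.host_ip:
                if len(self.host_ip) == len(self.pool):
                    return None
                self.host_ip[src_ip] = self.pool[len(self.host_ip)]
            return (self.host_ip[src_ip], src_port)
        if self.fix_port:
            # Interface IP shared, ports untouched; a port already mapped
            # for another host cannot be mapped a second time.
            key = (self.pool[0], src_port)
            if self.port_owner.setdefault(key, src_ip) != src_ip:
                return None
            return key
        # PAT: pick an address round robin per new host, assign a fresh port.
        if src_ip not in self.host_ip:
            self.host_ip[src_ip] = self.pool[len(self.host_ip) % len(self.pool)]
        return (self.host_ip[src_ip], next(self.next_port))


def source_department(nat_by_policy, seen_ip):
    """Map a translated address seen downstream back to the policy that owns it."""
    for policy, nat in nat_by_policy.items():
        if seen_ip in nat.pool:
            return policy
    return None


if __name__ == "__main__":
    # Constructed sample: six hosts against a five-address fix-port DIP range.
    rng = [f"192.0.2.{i}" for i in range(10, 15)]
    nat = SourceNat(rng, dip=True, fix_port=True)
    for n in range(1, 7):
        print(f"10.0.0.{n}", "->", nat.translate(f"10.0.0.{n}", 4000))
```

With the constructed sample, the sixth host gets `None` because the five-address fix-port range is exhausted; switching `fix_port` to `False` lets it share the first address through PAT instead.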
心我所愿 2008-1-7 20:12
Very good, it's nice to have something this useful. Thanks, I should study this too.