ZyXEL Communications 3.1 Manual De Usuario
Chapter 17 IPSec VPN
ZyWALL (ZLD) CLI Reference Guide
146
[no] nail-up
Automatically re-negotiates the SA as needed. The
no
command
does not.
[no] replay-detection
Enables replay detection. The
no
command disables it.
[no] netbios-broadcast
Enables NetBIOS broadcasts through the IPSec SA. The
no
command disables NetBIOS broadcasts through the IPSec SA.
[no] out-snat activate
Enables out-bound traffic SNAT over IPSec. The
no
command
disables out-bound traffic SNAT over IPSec.
out-snat source address_name destination
address_name snat address_name
Configures out-bound traffic SNAT in the IPSec SA.
[no] in-snat activate
Enables in-bound traffic SNAT in the IPSec SA. The
no
command
disables in-bound traffic SNAT in the IPSec SA.
in-snat source address_name destination
address_name snat address_name
Configures in-bound traffic SNAT in the IPSec SA.
[no] in-dnat activate
Enables in-bound traffic DNAT in the IPSec SA. The
no
command
disables in-bound traffic DNAT in the IPSec SA.
in-dnat delete <1..10>
Deletes the specified rule for in-bound traffic DNAT in the specified
IPSec SA.
IPSec SA.
in-dnat move <1..10> to <1..10>
Moves the specified rule (first rule number) to the specified
location (second rule number) for in-bound traffic DNAT.
location (second rule number) for in-bound traffic DNAT.
in-dnat append protocol {all | tcp | udp}
original-ip address_name <0..65535>
<0..65535> mapped-ip address_name
<0..65535> <0..65535>
Maps the specified IP address and port range (original-ip) to the
specified IP address and port range (mapped-ip) and appends this
rule to the end of the rule list for in-bound traffic DNAT.
specified IP address and port range (mapped-ip) and appends this
rule to the end of the rule list for in-bound traffic DNAT.
in-dnat insert <1..10> protocol {all |
tcp | udp} original-ip address_name
<0..65535> <0..65535> mapped-ip
address_name <0..65535> <0..65535>
Maps the specified IP address and port range (original-ip) to the
specified IP address and port range (mapped-ip) and inserts this
rule before the specified rule.
specified IP address and port range (mapped-ip) and inserts this
rule before the specified rule.
in-dnat <1..10> protocol {all | tcp |
udp} original-ip address_name <0..65535>
<0..65535> mapped-ip address_name
<0..65535> <0..65535>
Creates or revises the specified rule and maps the specified IP
address and port range (original-ip) to the specified IP address and
port range (mapped-ip).
address and port range (original-ip) to the specified IP address and
port range (mapped-ip).
Table 72
crypto Commands: IPSec SAs (continued)
COMMAND
DESCRIPTION