Nortel 4134 Guia Do Utilizador
Configuring the firewall for NAT and IPsec tunnels
249
In the figure below, the link between the two networks is created through an
IPsec Branch Office Tunnel. In addition, both networks are able to access
the Internet through a NAT policy configured in each SR4134. The NAT
implementation is a Many to One PAT which allows multiple IP addresses to
be mapped to one public address.
IPsec Branch Office Tunnel. In addition, both networks are able to access
the Internet through a NAT policy configured in each SR4134. The NAT
implementation is a Many to One PAT which allows multiple IP addresses to
be mapped to one public address.
Figure 24
Firewall configuration for NAT and IPsec tunnel
Firewall configuration for NAT and IPsec tunnel
Firewall configuration for SR4134 1
Step
Action
1
To configure the internet firewall, enter:
configure terminal
firewall internet
policy 1000 in permit service ike self
exit
2
To add the untrusted WAN interface to the internet firewall, enter:
interface wan1
exit
3
To configure the corp firewall for incoming IPsec tunnel traffic, enter:
firewall corp
policy 1000 in permit address 20.1.1.0 24 10.1.1.0 24
exit
Nortel Secure Router 4134
Security — Configuration and Management
NN47263-600
01.02
Standard
10.0
3 August 2007
Copyright © 2007, Nortel Networks
.