Versions Compared

Old Version 2

changes.mady.by.user Jean-luc KRIKER

Saved on

compared with

New Version Current

changes.mady.by.user Jean-luc KRIKER

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.



Configure a Service with Destination NATting
Step 1Configure Service

configuration > Authority > Services

ADD: webserver3

ADD Address:128.128.128.1/32

SET: Security Policy:   encryption_only


configuration > Authority > Services: webserver3 > Access Policies

SET: Source:  corp

Step 2Configure Service Route on Branch 1 Router

configuration > Authority > router: seabo1 

ADD: Service Routes:   webserver3-route

SET: Service Name:  webserver3

SET: Service Route Type:   Perr Serrvice Route

SET:  Peer:    bosdc1

Step 3Configure Destination NAT Service Route on Datacenter Router 1

configuration > Authority > router: seabo1 

ADD: Service Routes:   local-webserver3-route

SET: Service Name:  webserver3

SET: Service Route Type:   Service Agent

SET:  NAT Target:     172.36.128.2 

Configure Destination NAT Service Route on Datacenter Router 1
Step 4Gather PCI Addresses for Datacenter Router 1

su admin
Password: 128Tadmin


# show platform

>> src3 PCI address


Step 5Configure Web Server 3 Interface on Datacenter Router 1

Configuration > Authority > Routers: bosdc1 > Node: node1 > Device Interface: srv3 > Network Interface: srv3 >

SET:  Device Interface Type:  ethernet

ENTER:  PCI Address of srv3  (see at the top )

ADD:    Network Interface: srv3


Configuration > Authority > Routers: bosdc1 > Node: node1 > Device Interface: srv3 > Network Interface: srv3 >

SET:  Security Policy: eas1

ADD:  Interface Addresses:  172.36.128.1

SET:   Prefix of 30


VALIDATE and COMMIT
Step 6Verify Web Server 3 Connectivity
Console branch1 Clientping 128.128.128.1

 http://128.128.128.1
Step 7Turn on Packet Capture

Configuration > Authority > Routers: seado1 > Node: node1 > Device Interface: mpls1

ADD:  Capture Filter

SET: len>0



Configuration > Authority > Routers: seado1 > Node: node1 > Device Interface: lan1

ADD:  Capture Filter

SET: len>0


Configuration > Authority > Routers: bosdc1 > Node: node1 > Device Interface: mpls1

ADD:  Capture Filter

SET: len>0


Configuration > Authority > Routers: bosdc1 > Node: node1 > Device Interface: srv3

ADD:  Capture Filter

SET: len>0


VALIDATE and COMMIT
Step 8Verify the Destination NAT
Branch 1 ClientCopy your PCAPs from Datacenter Router 1

$ mkdir /home/t128/Desktop/Branch_Router
$ scp admin@192.168.7.93:/var/log/128technology/128T*
/home/t128/Desktop/Branch_Router/
Datacenter Router 1Copy your PCAPs from Datacenter Router 1

mkdir /home/t128/Desktop/Datacenter_Router
$ scp admin@192.168.7.97:/var/log/128technology/128T*
/home/t128/Desktop/Datacenter_Router/
Password: 128Tadmin
Merge PCAPsInside Wireshark, select File > Merge

What are your source and destination addresses as your packets travel through
your network?