<< Create Static Routes

Start Again >>

 

Example 1: IPsec VPN, Site-to-Site

Configure NAT Policies

TMS zl Module A

TMS zl Module B

  1. Configure the general NAT policy for all traffic on Site 1.

  1. Select Firewall > NAT Policies > Policies.

  2. Click Add Policy.

  3. For Translate, select Source.

  4. For From Zone, select ZONE3.

  5. For To Zone, select EXTERNAL.

  6. For Service, select Any Service.

  7. For Source, select Any Address.

  8. For Destination, select Any Address.

  9. For NAT IP address, select Use IP address of routed VLAN interface.

  10. For Insert Position (Optional), type 1.

  11. Click OK.

  1. Configure a NAT policy to exclude the first address range from translation when it uses the VPN tunnel. (NAT policies cannot accept multiple-entry address objects.)

  1. Click Add Policy.

  2. For Translate, select None.

  3. For From Zone, select ZONE3.

  4. For To Zone, select EXTERNAL.

  5. For Service, select ftp.

  6. For Source, select Options, select Enter custom IP, IP/mask or IP-Range, and type 10.1.7.1-10.1.7.49.

  7. For Destination, select researchFTP.

  8. For Insert Position (Optional), type 1. (These two None policies must have a higher priority than the NAT policy that translates all IP addresses).

  9. Click OK.

  1. Configure a NAT policy to exclude the second address range from translation.

  1. Click Add Policy.

  2. For Translate, select None.

  3. For From Zone, select ZONE3.

  4. For To Zone, select EXTERNAL.

  5. For Service, select ftp.

  6. For Source, select Options, select Enter custom IP, IP/mask or IP-Range, and type 10.1.7.101-10.1.7.220.

  7. For Destination, select researchFTP.

  8. For Insert Position (Optional), type 2.

  9. Click OK.

Not applicable.

<< Create Static Routes

Start Again >>