-
Configure the general NAT policy for all traffic on Site 1.
-
Select Firewall > NAT Policies > Policies.
-
Click Add Policy.
-
For Translate, select Source.
-
For From Zone, select ZONE3.
-
For To Zone, select EXTERNAL.
-
For Service, select Any Service.
-
For Source, select Any Address.
-
For Destination, select Any Address.
-
For NAT IP address, select Use IP address of routed VLAN interface.
-
For Insert Position (Optional), type 1.
-
Click OK.
-
Configure a NAT policy to exclude the first address range from translation when it uses the VPN tunnel. (NAT policies cannot accept multiple-entry address objects.)
-
Click Add Policy.
-
For Translate, select None.
-
For From Zone, select ZONE3.
-
For To Zone, select EXTERNAL.
-
For Service, select ftp.
-
For Source, select Options, select Enter custom IP, IP/mask or IP-Range, and type 10.1.7.1-10.1.7.49.
-
For Destination, select researchFTP.
-
For Insert Position (Optional), type 1. (These two None policies must have a higher priority than the NAT policy that translates all IP addresses).
-
Click OK.
-
Configure a NAT policy to exclude the second address range from translation.
-
Click Add Policy.
-
For Translate, select None.
-
For From Zone, select ZONE3.
-
For To Zone, select EXTERNAL.
-
For Service, select ftp.
-
For Source, select Options, select Enter custom IP, IP/mask or IP-Range, and type 10.1.7.101-10.1.7.220.
-
For Destination, select researchFTP.
-
For Insert Position (Optional), type 2.
-
Click OK.
|
Not applicable.
|