Starting with ScreenOS 6.2, the support for NAT in Transparent mode has been added with some limitations.
ScreenOS 6.2 allows DIP pools to be defined on the VLAN1 interface for use in the policy-based NAT only.
This must be configured on an extended IP of the vlan1 interface, as shown below. The DIP is not configurable on the vlan1 interface IP itself.
set int vlan1 ip 22.214.171.124/24
set int vlan1 ext ip 126.96.36.199/24 dip 5 188.8.131.52 184.108.40.206
set policy from v1-trust to v1-untrust any any any nat src dip-id 5 permit
Standard DIP options are available such as fix-port and pool shifting.
As of now, only source IP translation is supported, and this must be in the form of policy-based DIPs only.
Incoming search terms:
- tacacs authentication in debian (10)
- aclAuthenticated: authentication not applicable on transparently intercepted requests (2)
- layer2 nat (2)
- ScreenOSsupportNATinTransparentmode(Layer2mode) (2)
- ssg transparent mode nat mode (1)
- screenos vlan1 (1)
- screenos l2 nat (1)
- NOTICE: Authentication not applicable on intercepted requests (1)
- nat layer 2 mode (1)
- nat layer 2 (1)