ScreenOS support for NAT in Transparent mode (Layer 2 mode)

Starting with ScreenOS 6.2, NAT is supported in Transparent mode, with some limitations.
ScreenOS 6.2 allows DIP pools to be defined on the VLAN1 interface, for use in policy-based NAT only.

The DIP pool must be configured on an extended IP of the vlan1 interface, as shown below. A DIP cannot be configured on the vlan1 interface IP itself.

set int vlan1 ip 1.1.1.1/24
set int vlan1 ext ip 20.20.20.1/24 dip 5 20.20.20.10 20.20.20.15
set policy from v1-trust to v1-untrust any any any nat src dip-id 5 permit

Standard DIP options, such as fix-port and pool shifting, are available.
As of now, only source IP translation is supported, and it must take the form of policy-based DIPs.
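
An added example (not from the original post): a small Python check that reads ScreenOS config text and flags the mistakes the notes above warn about. It assumes a transparent-mode config in which every DIP pool lives on vlan1, and that a pool's range must fall inside its extended subnet; the function name `check_l2_dip` and the sample text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the three commands from the page plus one deliberately
# wrong policy that references a DIP id nobody defined.
SAMPLE = """\
set int vlan1 ip 1.1.1.1/24
set int vlan1 ext ip 20.20.20.1/24 dip 5 20.20.20.10 20.20.20.15
set policy from v1-trust to v1-untrust any any any nat src dip-id 5 permit
set policy from v1-trust to v1-untrust any any any nat src dip-id 7 permit
"""

EXT_DIP = re.compile(r"^set int(?:erface)? vlan1 ext ip (\S+) dip (\d+) (\S+) (\S+)")
PLAIN_DIP = re.compile(r"^set int(?:erface)? vlan1 dip (\d+)\b")
POLICY_DIP = re.compile(r"^set policy .*\bnat src dip-id (\d+)\b")


def check_l2_dip(config):
    """Return findings for vlan1 DIP pools and the policies that use them."""
    pools, findings = {}, []
    lines = [raw.strip() for raw in config.splitlines()]
    for n, line in enumerate(lines, 1):
        if m := EXT_DIP.match(line):
            # Pool defined on an extended IP: record it and validate the range.
            net = ipaddress.ip_interface(m.group(1)).network
            low, high = (ipaddress.ip_address(a) for a in m.group(3, 4))
            pools[m.group(2)] = net
            if low > high or low not in net or high not in net:
                findings.append(f"line {n}: DIP {m.group(2)} range is not inside {net}")
        elif m := PLAIN_DIP.match(line):
            # Pool placed on the vlan1 IP itself, which the page says is not configurable.
            findings.append(f"line {n}: DIP {m.group(1)} is on the vlan1 IP itself, not an extended IP")
    # Second pass so a policy may appear before the pool it references.
    for n, line in enumerate(lines, 1):
        m = POLICY_DIP.match(line)
        if m and m.group(1) not in pools:
            findings.append(f"line {n}: policy uses dip-id {m.group(1)} with no vlan1 extended-IP pool")
    return findings


if __name__ == "__main__":
    for finding in check_l2_dip(SAMPLE):
        print(finding)
```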
