Product Documentation
ADC
Current Release 13.1 13.0 12.1
View PDF

Sample LSN Configurations

September 21, 2020
Contributed by:
S

The following are examples of configuring LSN through command line interface.

Create a simple LSN configuration with a single subscriber network, single LSN NAT IP address, and default settings:

add lsn client LSN-CLIENT-1 Done bind lsn client LSN-CLIENT-1 -network 192.0.2.0 -netmask 255.255.255.0 Done add lsn pool LSN-POOL-1 Done bind lsn pool LSN-POOL-1 203.0.113.3 Done add lsn group LSN-GROUP-1 -clientname LSN-CLIENT-1 Done bind lsn group LSN-GROUP-1 -poolname pool1 LSN-POOL-1 Done

Create an LSN configuration with an extended ACL for identifying LSN subscribers:

add ns acl LSN-ACL-2 ALLOW -srcIP 192.0.2.10-192.0.2.20 Done apply acls Done add lsn client LSN-CLIENT-2 Done bind lsn client LSN-CLIENT-2 –aclname LSN-ACL-2 Done add lsn pool LSN-POOL-2 Done bind lsn pool LSN-POOL-2 203.0.113.5-203.0.113.10 Done add lsn group LSN-GROUP-2 -clientname LSN-CLIENT-2 Done bind lsn group LSN-GROUP-2 -poolname LSN-POOL-2 Done

创建一个LSN endpoint-independ配置ent mapping for HTTP protocol (port 80) and address-port dependent mapping for SSH protocol (port 22). Also, restrict each subscriber to use a maximum of 1000 NAT ports for TCP protocol and 100 NAT ports for UDP protocol. Restrict each subscriber to have a maximum of 2000 concurrent sessions for TCP protocol. Restrict the group to have a maximum of 30000 concurrent sessions for TCP protocol:

add lsn client LSN-CLIENT-3 Done bind lsn client LSN-CLIENT-3 -network 192.0.3.0 -netmask 255.255.255.0 Done add lsn pool LSN-POOL-3 Done bind lsn pool LSN-POOL-3 203.0.113.11 Done add lsn group LSN-GROUP-3 -clientname LSN-CLIENT-3 Done bind lsn group LSN-GROUP-3 -poolname LSN-POOL-3 Done add lsn appsprofile LSN-APPS-HTTPPROFILE-3 TCP -mapping ENDPOINT-INDEPENDENT Done bind lsn appsprofile LSN-APPS-HTTPPROFILE-3 80 Done bind lsn group LSN-GROUP-3 -applicationprofilename LSN-APPS-HTTPPROFILE-3 Done add lsn appsprofile LSN-APPS-SSHPROFILE-3 TCP -mapping ADDRESS-PORT-DEPENDENT Done bind lsn appsprofile LSN-APPS-SSHPROFILE-3 22 Done bind lsn group LSN-GROUP-3 -applicationprofilename LSN-APPS-SSHPROFILE-3 Done add lsn transportprofile LSN-TRANS-PROFILE-TCP-3 TCP -portquota 1000 -sessionquota 2000 -groupSessionLimit 30000 Done bind lsn group LSN-GROUP-3 -transportprofilename LSN-TRANS-PROFILE-TCP-3 Done add lsn transportprofile LSN-TRANS-PROFILE-UDP-3 UDP -portquota 100 Done bind lsn group LSN-GROUP-3 -transportprofilename LSN-TRANS-PROFILE-UDP-3 Done

Create an LSN configuration for a large set of subscribers:

add lsn client LSN-CLIENT-4 Done bind lsn client LSN-CLIENT-4 -network 192.0.4.0 -netmask 255.255.255.0 Done bind lsn client LSN-CLIENT-4 -network 192.0.5.0 -netmask 255.255.255.0 Done bind lsn client LSN-CLIENT-4 -network 192.0.6.0 -netmask 255.255.255.0 Done bind lsn client LSN-CLIENT-4 -network 192.0.7.0 -netmask 255.255.255.0 Done bind lsn client LSN-CLIENT-4 -network 192.0.8.0 -netmask 255.255.255.0 Done add lsn pool LSN-POOL-4 Done bind lsn pool LSN-POOL-4 203.0.113.30-203.0.113.40 Done bind lsn pool LSN-POOL-4 203.0.113.45-203.0.113.50 Done bind lsn pool LSN-POOL-4 203.0.113.55-203.0.113.60 Done add lsn group LSN-GROUP-4 -clientname LSN-CLIENT-4 Done bind lsn group LSN-GROUP-4 -poolname LSN-POOL-4 Done add lsn appsprofile LSN-APPS-WELLKNOWNPROFILE-4 TCP -mapping ENDPOINT-INDEPENDENT Done bind lsn appsprofile LSN-APPS-WELLKNOWN-PORTS-PROFILE-4 1- 1023 Done bind lsn group LSN-GROUP-4 -applicationprofilename LSN-APPS-WELLKNOWN-PORTS-PROFILE-4 Done

Create an LSN configuration with sharing of NAT resources among multiple LSN groups. In this example, LSN pool LSN-POOL-5 is shared with LSN groups LSN-GROUP-5 and LSN-GROUP-6:

add lsn client LSN-CLIENT-5 Done bind lsn client LSN-CLIENT-5 -network 192.0.15.0 -netmask 255.255.255.0 Done add lsn pool LSN-POOL-5 Done bind lsn pool LSN-POOL-5 203.0.113.12-203.0.113.14 Done add lsn group LSN-GROUP-5 -clientname LSN-CLIENT-5 Done bind lsn group LSN-GROUP-5 -poolname LSN-POOL-5 Done add lsn client LSN-CLIENT-6 Done bind lsn client LSN-CLIENT-6 -network 192.0.16.0 -netmask 255.255.255.0 Done add lsn pool LSN-POOL-6 Done bind lsn pool LSN-POOL-6 203.0.113.15-203.0.113.18 Done add lsn group LSN-GROUP-6 -clientname LSN-CLIENT-6 Done bind lsn group LSN-GROUP-6 -poolname LSN-POOL-6 Done bind lsn group LSN-GROUP-6 -poolname LSN-POOL-5 Done

Create an LSN configuration with deterministic NAT resource allocation:

add lsn client LSN-CLIENT-7 Done bind lsn client LSN-CLIENT-7 -network 192.0.17.0 -netmask 255.255.255.0 Done add lsn pool LSN-POOL-7 -nattype DETERMINISTIC Done bind lsn pool LSN-POOL-7 203.0.113.19-203.0.113.23 Done add lsn group LSN-GROUP-7 -clientname LSN-CLIENT-7 -nattype DETERMINISTIC -portblocksize 1024 Done bind lsn group LSN-GROUP-7 -poolname LSN-POOL-7 Done

Create an LSN configuration with multiple subscriber networks having the same network address but each network belonging to a different traffic domain. Also, restrict the outbound traffic related to HTTP protocol (port 80), sending it through a particular traffic domain (td 5):

add lsn client LSN-CLIENT-8 Done bind lsn client LSN-CLIENT-8 -network 192.0.18.0 -netmask 255.255.255.0 -td 1 Done bind lsn client LSN-CLIENT-8 -network 192.0.18.0 -netmask 255.255.255.0 -td 2 Done bind lsn client LSN-CLIENT-8 -network 192.0.18.0 -netmask 255.255.255.0 -td 3 Done add lsn pool LSN-POOL-8 Done bind lsn pool LSN-POOL-8 203.0.113.80-203.0.113.86 Done add lsn group LSN-GROUP-8 -clientname LSN-CLIENT-8 Done bind lsn group LSN-GROUP-8 -poolname LSN-POOL-8 Done add lsn appsprofile LSN-APPS-HTTP-PROFILE-8 TCP -td 5 Done bind lsn appsprofile LSN-APPS-HTTP-PROFILE-8 80 Done bind lsn group LSN-GROUP-8 -applicationprofilename LSN-APPS-HTTP-PROFILE-8 Done

Create an LSN configuration that restricts the outbound traffic of a specific protocol (TCP), sending it through a particular traffic domain (td 5). With endpoint-independent filtering, receive inbound traffic related to this protocol (TCP) on any traffic domain:

添加lsn客户机LSN-CLIENT-9做绑定lsn客户机LSN-CLIENT-9 -network 192.0.9.0 -netmask 255.255.255.0 -td 1 Done add lsn pool LSN-POOL-9 Done bind lsn pool LSN-POOL-9 203.0.113.90 Done add lsn group LSN-GROUP-9 -clientname LSN-CLIENT-9 Done bind lsn group LSN-GROUP-9 -poolname LSN-POOL-9 Done add lsn appsprofile LSN-APPS-PROFILE-9 TCP -filtering ENDPOINT-INDEPENDENT -td 5 Done bind lsn group LSN-GROUP-9 -approfile LSN-APPS-PROFILE-9 Done

Create an LSN configuration that restricts outbound HTTP (port 80) traffic, sending it through a particular traffic domain (td 10). With address-dependent filtering, receive inbound traffic related to this protocol (HTTP) on the specified traffic domain (td 10):

add lsn client LSN-CLIENT-10 Done bind lsn client LSN-CLIENT-10 -network 192.0.10.0 -netmask 255.255.255.0 -td 1 Done add lsn pool LSN-POOL-10 Done bind lsn pool LSN-POOL-10 203.0.113.100 Done add lsn group LSN-GROUP-10 -clientname LSN-CLIENT-10 Done bind lsn group LSN-GROUP-10 -poolname LSN-POOL-10 Done add lsn appsprofile LSN-APPS-PROFILE-10 TCP -mapping ENDPOINT -INDEPENDENT -filtering ADDRESS-DEPENDENT -td 10 Done bind lsn appsprofile LSN-APPS-PROFILE-10 80 Done bind lsn group LSN-GROUP-10 -approfile LSN-APPS-PROFILE-10 Done
Sample LSN Configurations
September 21, 2020
Contributed by:
S
September 21, 2020
Contributed by:
S

In this article

    Site feedback | Privacy and legal terms | Cookie preferences | Consent settings | docs.cloud.com
    © 1999-Cloud Software Group, Inc. All rights reserved.