样本LSN配置
下面以命令行接口配置LSN为例。
创建一个简单的LSN配置,具有单个用户网络、单个LSN NAT IP地址和默认设置:
add lsn client lsn -client -1 Done bind lsn client lsn -client -1 -network 192.0.2.0 -netmask 255.255.255.0 Done add lsn pool lsn -pool -1 Done bind lsn -pool -1 203.0.113.3 Done add lsn group lsn - group -1 -clientname lsn -client -1 Done bind lsn group lsn - group -1 -poolname lsn -pool -1 Done 创建带有扩展ACL的LSN配置,用于识别LSN订阅者:
添加ns acl LSN-ACL-2允许-srcIP 192.0.2.10-192.0.2.20完成应用acl完成添加lsn客户机LSN-CLIENT-2做绑定lsn客户机LSN-CLIENT-2 -aclname LSN-ACL-2完成添加lsn池LSN-POOL-2做绑定lsn池LSN-POOL-2 203.0.113.5-203.0.113.10完成添加lsn组LSN-GROUP-2列出LSN-CLIENT-2完成绑定lsn集团LSN-GROUP-2 -poolname LSN-POOL-2Done 创建一个LSN配置,为HTTP协议(端口80)提供端点独立映射,为SSH协议(端口22)提供地址端口依赖映射。同时,限制每个用户使用最多1000个NAT端口的TCP协议和100个NAT端口的UDP协议。限制每个订阅者对TCP协议最多有2000个并发会话。限制TCP协议组最大并发会话数为30000:
add lsn client lsn -client -3 Done bind lsn client lsn -client -network 192.0.3.0 -netmask 255.255.255.0 Done add lsn pool lsn -pool -3 Done bind lsn pool lsn -pool -3 203.0.113.11 Done add lsn group lsn - group -3 -clientname lsn -client -3 Done bind lsn group lsn - group -3 -poolname lsn -pool -3 Done add lsn appsprofile lsn - app - httpprofile -3 TCP -mappingENDPOINT-INDEPENDENT完成绑定lsn appsprofile LSN-APPS-HTTPPROFILE-3 80完成绑定lsn组LSN-GROUP-3 -applicationprofilename LSN-APPS-HTTPPROFILE-3完成添加lsn appsprofile LSN-APPS-SSHPROFILE-3 TCP映射ADDRESS-PORT-DEPENDENT完成绑定lsn appsprofile LSN-APPS-SSHPROFILE-3 22完成绑定lsn集团LSN-GROUP-3 -applicationprofilenameLSN-APPS-SSHPROFILE-3完成添加lsn transportprofile LSN-TRANS-PROFILE-TCP-3 TCP -portquota 1000 -sessionquota 2000 -groupSessionLimit 30000完成绑定lsn集团LSN-GROUP-3 -transportprofilename LSN-TRANS-PROFILE-TCP-3完成添加lsn transportprofile LSN-TRANS-PROFILE-UDP-3 UDP -portquota 100完成绑定lsn集团LSN-GROUP-3 -transportprofilenameLSN-TRANS-PROFILE-UDP-3做< !——NeedCopy >为大量订阅者创建一个LSN配置:
add lsn client lsn - client -4 192.0.4.0 -netmask 255.255.255.0完成绑定lsn client lsn - client -4 -network 192.0.5.0 -netmask 255.255.255.0完成绑定lsn client lsn - client -4 -network 192.0.6.0 -netmask 255.255.255.0完成绑定lsn client lsn - client -4 -network 192.0.7.0 -netmask 255.255.255.0完成绑定lsn客户LSN-CLIENT-4网络192.0.8.0子网掩码255.255.255.0完成添加lsn池LSN-POOL-4做绑定lsn池LSN-POOL-4 203.0.113.30-203.0.113.40完成绑定lsn池LSN-POOL-4 203.0.113.45-203.0.113.50完成绑定lsn池LSN-POOL-4 203.0.113.55-203.0.113.60完成添加lsn组LSN-GROUP-4列出LSN-CLIENT-4绑定lsn LSN-GROUP-4小组完成的-poolname lsn -pool -4 Done add lsn appsprofile lsn - apps - wellknownprofile -4 TCP -mapping ENDPOINT-INDEPENDENT Done bind lsn appsprofile lsn - apps - wellknownprofile -4 1- 1023 Done bind lsn group lsn - group -4 -applicationprofilename lsn - apps - wellknownprofile -4 Done 创建多个LSN组共享NAT资源的LSN配置。在本例中,LSN池LSN- pool -5与LSN组LSN- group -5和LSN- group -6共享:
添加lsn客户机LSN-CLIENT-5做绑定lsn客户机LSN-CLIENT-5网络192.0.15.0子网掩码255.255.255.0完成添加lsn池LSN-POOL-5做绑定lsn池LSN-POOL-5 203.0.113.12-203.0.113.14完成添加lsn组LSN-GROUP-5列出LSN-CLIENT-5完成绑定lsn集团LSN-GROUP-5 -poolname LSN-POOL-5完成添加lsn客户LSN-CLIENT-6完成绑定lsnclient lsn -client -6 -network 192.0.16.0 -netmask 255.255.255.0 Done add lsn pool lsn -pool -6 Done bind lsn pool lsn -pool -6 203.0.113.15-203.0.113.18 Done add lsn group lsn - group -6 -clientname lsn -client -6 Done bind lsn group lsn - group -6 -poolname lsn -pool -5 Done 创建一个具有确定性NAT资源分配的LSN配置:
add lsn client lsn -client -7 Done bind lsn client lsn -client -network 192.0.17.0 -netmask 255.255.255.0 Done add lsn pool lsn - pool -7 -nattype DETERMINISTIC Done bind lsn pool lsn - pool -7 203.0.113.19-203.0.113.23 Done add lsn group lsn - group -7 -clientname lsn -client -nattype DETERMINISTIC -portblocksize 1024 Done bind lsn group lsn - group -7-poolname LSN-POOL-7完成创建一个LSN配置,其中多个用户网络具有相同的网络地址,但每个网络属于不同的流量域。另外,限制与HTTP协议(端口80)相关的出站流量,通过特定的流量域(td 5)发送它:
add lsn client lsn - client -8 Done bind lsn client lsn - client -network 192.0.18.0 -netmask 255.255.255.0 -td 1 Done bind lsn client lsn - client -8 -network 192.0.18.0 -netmask 255.255.255.0 -td 2 Done bind lsn client lsn - client -network 192.0.18.0 -netmask 255.255.255.0 -td 3 Done add lsn pool lsn - pool -8 Done bind lsn pool lsn - pool -8203.0.113.80-203.0.113.86完成添加lsn组LSN-GROUP-8列出LSN-CLIENT-8完成绑定lsn集团LSN-GROUP-8 -poolname LSN-POOL-8完成添加lsn appsprofile LSN-APPS-HTTP-PROFILE-8 TCP td 5完成绑定lsn appsprofile LSN-APPS-HTTP-PROFILE-8 80完成绑定lsn组LSN-GROUP-8 -applicationprofilename LSN-APPS-HTTP-PROFILE-8做< !——NeedCopy >创建一个LSN配置,限制特定协议(TCP)的出站流量,通过特定的流量域(ttd 5)发送它。使用端点独立过滤,在任何流量域接收与该协议(TCP)相关的入站流量:
add lsn client lsn -client -9 Done bind lsn client lsn -client -network 192.0.9.0 -netmask 255.255.255.0 -td 1 Done add lsn pool lsn -pool -9 Done bind lsn pool lsn -pool -9 203.0.113.90 Done add lsn group lsn - group -9 -clientname lsn -client -9 Done bind lsn group lsn - group -9 -poolname lsn -pool -9 Done add lsn appsprofile lsn - apps - profile -9 TCP -filterend - independent -td 5 Done bind lsn group lsn - group -9 -approfile lsn - apps - profile -9 Done 创建一个LSN配置来限制出站HTTP(端口80)流量,通过特定的流量域(td 10)发送它。使用地址依赖过滤,在指定的流量域(td 10)接收与此协议(HTTP)相关的入站流量:
add lsn client lsn -client -10 Done bind lsn client lsn -client -network 192.0.10.0 -netmask 255.255.255.0 -td 1 Done add lsn pool lsn -pool -10 Done bind lsn group lsn - group -10 -clientname lsn -client -10 Done bind lsn group lsn - group -10 -poolname lsn -pool -10 Done add lsn appsprofile lsn - apps - profile -10 TCP-mapping ENDPOINT -INDEPENDENT -filtering address -td 10 Done bind lsn appsprofile lsn - apps - profile -10 80 Done bind lsn group lsn - group -10 -approfile lsn - apps - profile -10 Done
样本LSN配置
在这篇文章中
复制!
失败了!