LSN 配置示例
以下是通过命令行界面配置 LSN 的示例。
使用单个订阅者网络、单个 LSN NAT IP 地址和默认设置创建简单的 LSN 配置:
add lsn client LSN-CLIENT-1
Done
bind lsn client LSN-CLIENT-1 -network 192.0.2.0 -netmask 255.255.255.0
Done
add lsn pool LSN-POOL-1
Done
bind lsn pool LSN-POOL-1 203.0.113.3
Done
add lsn group LSN-GROUP-1 -clientname LSN-CLIENT-1
Done
bind lsn group LSN-GROUP-1 -poolname pool1 LSN-POOL-1
Done
使用扩展 ACL 创建 LSN 配置,用于识别 LSN 订阅者:
add ns acl LSN-ACL-2 ALLOW -srcIP 192.0.2.10-192.0.2.20
Done
apply acls
Done
add lsn client LSN-CLIENT-2
Done
bind lsn client LSN-CLIENT-2 –aclname LSN-ACL-2
Done
add lsn pool LSN-POOL-2
Done
bind lsn pool LSN-POOL-2 203.0.113.5-203.0.113.10
Done
add lsn group LSN-GROUP-2 -clientname LSN-CLIENT-2
Done
bind lsn group LSN-GROUP-2 -poolname LSN-POOL-2
Done
使用 HTTP 协议(端口 80)和 SSH 协议(端口 22)的地址端口相关映射创建 LSN 配置。此外,限制每个订阅者最多使用 1000 个 NAT 端口用于 TCP 协议,最多使用 100 个 NAT 端口用于 UDP 协议。限制每个订阅者具有 TCP 协议的最多 2000 个并发会话。将组限制为 TCP 协议的最多具有 30000 个并发会话:
add lsn client LSN-CLIENT-3
Done
bind lsn client LSN-CLIENT-3 -network 192.0.3.0 -netmask 255.255.255.0
Done
add lsn pool LSN-POOL-3
Done
bind lsn pool LSN-POOL-3 203.0.113.11
Done
add lsn group LSN-GROUP-3 -clientname LSN-CLIENT-3
Done
bind lsn group LSN-GROUP-3 -poolname LSN-POOL-3
Done
add lsn appsprofile LSN-APPS-HTTPPROFILE-3 TCP -mapping ENDPOINT-INDEPENDENT
Done
bind lsn appsprofile LSN-APPS-HTTPPROFILE-3 80
Done
bind lsn group LSN-GROUP-3 -applicationprofilename LSN-APPS-HTTPPROFILE-3
Done
add lsn appsprofile LSN-APPS-SSHPROFILE-3 TCP -mapping ADDRESS-PORT-DEPENDENT
Done
bind lsn appsprofile LSN-APPS-SSHPROFILE-3 22
Done
bind lsn group LSN-GROUP-3 -applicationprofilename LSN-APPS-SSHPROFILE-3
Done
add lsn transportprofile LSN-TRANS-PROFILE-TCP-3 TCP -portquota 1000 -sessionquota 2000 -groupSessionLimit 30000
Done
bind lsn group LSN-GROUP-3 -transportprofilename LSN-TRANS-PROFILE-TCP-3
Done
add lsn transportprofile LSN-TRANS-PROFILE-UDP-3 UDP -portquota 100
Done
bind lsn group LSN-GROUP-3 -transportprofilename LSN-TRANS-PROFILE-UDP-3
Done
为大量订阅者创建 LSN 配置:
add lsn client LSN-CLIENT-4
Done
bind lsn client LSN-CLIENT-4 -network 192.0.4.0 -netmask 255.255.255.0
Done
bind lsn client LSN-CLIENT-4 -network 192.0.5.0 -netmask 255.255.255.0
Done
bind lsn client LSN-CLIENT-4 -network 192.0.6.0 -netmask 255.255.255.0
Done
bind lsn client LSN-CLIENT-4 -network 192.0.7.0 -netmask 255.255.255.0
Done
bind lsn client LSN-CLIENT-4 -network 192.0.8.0 -netmask 255.255.255.0
Done
add lsn pool LSN-POOL-4
Done
bind lsn pool LSN-POOL-4 203.0.113.30-203.0.113.40
Done
bind lsn pool LSN-POOL-4 203.0.113.45-203.0.113.50
Done
bind lsn pool LSN-POOL-4 203.0.113.55-203.0.113.60
Done
add lsn group LSN-GROUP-4 -clientname LSN-CLIENT-4
Done
bind lsn group LSN-GROUP-4 -poolname LSN-POOL-4
Done
add lsn appsprofile LSN-APPS-WELLKNOWNPROFILE-4 TCP -mapping ENDPOINT-INDEPENDENT
Done
bind lsn appsprofile LSN-APPS-WELLKNOWN-PORTS-PROFILE-4 1- 1023
Done
bind lsn group LSN-GROUP-4 -applicationprofilename LSN-APPS-WELLKNOWN-PORTS-PROFILE-4
Done
通过在多个 LSN 组之间共享 NAT 资源创建 LSN 配置。在此示例中,LSN 池 LSN-POOL-5 与 LSN-GROUP-5 和 LSN-GROUP-6 共享:
add lsn client LSN-CLIENT-5
Done
bind lsn client LSN-CLIENT-5 -network 192.0.15.0 -netmask 255.255.255.0
Done
add lsn pool LSN-POOL-5
Done
bind lsn pool LSN-POOL-5 203.0.113.12-203.0.113.14
Done
add lsn group LSN-GROUP-5 -clientname LSN-CLIENT-5
Done
bind lsn group LSN-GROUP-5 -poolname LSN-POOL-5
Done
add lsn client LSN-CLIENT-6
Done
bind lsn client LSN-CLIENT-6 -network 192.0.16.0 -netmask 255.255.255.0
Done
add lsn pool LSN-POOL-6
Done
bind lsn pool LSN-POOL-6 203.0.113.15-203.0.113.18
Done
add lsn group LSN-GROUP-6 -clientname LSN-CLIENT-6
Done
bind lsn group LSN-GROUP-6 -poolname LSN-POOL-6
Done
bind lsn group LSN-GROUP-6 -poolname LSN-POOL-5
Done
创建具有确定性 NAT 资源分配的 LSN 配置:
add lsn client LSN-CLIENT-7
Done
bind lsn client LSN-CLIENT-7 -network 192.0.17.0 -netmask 255.255.255.0
Done
add lsn pool LSN-POOL-7 -nattype DETERMINISTIC
Done
bind lsn pool LSN-POOL-7 203.0.113.19-203.0.113.23
Done
add lsn group LSN-GROUP-7 -clientname LSN-CLIENT-7 -nattype DETERMINISTIC -portblocksize 1024
Done
bind lsn group LSN-GROUP-7 -poolname LSN-POOL-7
Done
使用具有相同网络地址但每个网络属于不同流量域的多个订阅者网络创建 LSN 配置。此外,限制与 HTTP 协议(端口 80)相关的出站流量,通过特定流量域(td 5)发送它:
add lsn client LSN-CLIENT-8
Done
bind lsn client LSN-CLIENT-8 -network 192.0.18.0 -netmask 255.255.255.0 -td 1
Done
bind lsn client LSN-CLIENT-8 -network 192.0.18.0 -netmask 255.255.255.0 -td 2
Done
bind lsn client LSN-CLIENT-8 -network 192.0.18.0 -netmask 255.255.255.0 -td 3
Done
add lsn pool LSN-POOL-8
Done
bind lsn pool LSN-POOL-8 203.0.113.80-203.0.113.86
Done
add lsn group LSN-GROUP-8 -clientname LSN-CLIENT-8
Done
bind lsn group LSN-GROUP-8 -poolname LSN-POOL-8
Done
add lsn appsprofile LSN-APPS-HTTP-PROFILE-8 TCP -td 5
Done
bind lsn appsprofile LSN-APPS-HTTP-PROFILE-8 80
Done
bind lsn group LSN-GROUP-8 -applicationprofilename LSN-APPS-HTTP-PROFILE-8
Done
创建 LSN 配置,限制特定协议 (TCP) 的出站流量,并通过特定流量域 (td 5) 发送它。使用与端点无关的筛选,在任何流量域上接收与此协议 (TCP) 相关的入站流量:
add lsn client LSN-CLIENT-9
Done
bind lsn client LSN-CLIENT-9 -network 192.0.9.0 -netmask 255.255.255.0 -td 1
Done
add lsn pool LSN-POOL-9
Done
bind lsn pool LSN-POOL-9 203.0.113.90
Done
add lsn group LSN-GROUP-9 -clientname LSN-CLIENT-9
Done
bind lsn group LSN-GROUP-9 -poolname LSN-POOL-9
Done
add lsn appsprofile LSN-APPS-PROFILE-9 TCP -filtering ENDPOINT-INDEPENDENT -td 5
Done
bind lsn group LSN-GROUP-9 -approfile LSN-APPS-PROFILE-9
Done
创建限制出站 HTTP(端口 80)流量的 LSN 配置,并通过特定流量域 (td 10) 发送它。通过与地址相关的筛选,在指定流量域 (td 10) 上接收与此协议 (HTTP) 相关的入站流量:
add lsn client LSN-CLIENT-10
Done
bind lsn client LSN-CLIENT-10 -network 192.0.10.0 -netmask 255.255.255.0 -td 1
Done
add lsn pool LSN-POOL-10
Done
bind lsn pool LSN-POOL-10 203.0.113.100
Done
add lsn group LSN-GROUP-10 -clientname LSN-CLIENT-10
Done
bind lsn group LSN-GROUP-10 -poolname LSN-POOL-10
Done
add lsn appsprofile LSN-APPS-PROFILE-10 TCP -mapping ENDPOINT -INDEPENDENT -filtering ADDRESS-DEPENDENT -td 10
Done
bind lsn appsprofile LSN-APPS-PROFILE-10 80
Done
bind lsn group LSN-GROUP-10 -approfile LSN-APPS-PROFILE-10
Done
LSN 配置示例
本文中包含的内容
已复制
Failed!