To configure a security zone policy for a 7705 SAR

Purpose

Perform this procedure to configure a security zone policy for a 7705 SAR, Release 6.1 R1 or later. You can assign a security zone policy to a network interface. You can also assign a security zone policy to an L3 access interface on an IES or VPRN service site; an L2 access interface or spoke SDP on an EPIPE, VPLS, or MVPLS service; and a tunnel interface on a VPRN service.

Steps
 

1

Choose Policies→Security from the NFM-P main menu. The Security Policies form opens.


2

Click Create and choose Security Zone, or choose an existing security zone policy and click Properties. The Security Zone, Global Policy (Create|Edit) form opens with the General tab displayed.


3

Configure the required general parameters.


4

Configure the Zone Type parameter in the Zone Instance panel.

  1. If you specified a Zone Type of BASE, go to Step 5.

  2. If you specified a Zone Type that is a service type, select a service in the appropriate service panel (for example, an IES service in the IES panel).


5

Configure the required parameters in the Inbound Concurrent Sessions panel and Outbound Concurrent Sessions panel.


6

If you chose VPRN in Step 4, configure the Auto-bind parameter in the MP-BGP Auto-Bind panel.


7

Select a security log policy in the Logging panel. You can click Create to create a security log policy; see To configure a security log policy for a 7705 SAR.


8

Select a security policy in the Security Policy panel.

Only one security policy can be assigned to each security zone. The same security policy can be assigned to multiple security zones. See To configure a security policy for a 7705 SAR for more information about configuring a security policy.


9

Save your changes. If you specified a Zone Type of VPLS, MVPLS, or EPIPE, go to Step 16.


10 

Assign a NAT pool to the security zone.

  1. Click on the NAT Pool tab and click Create. The NAT Pool, Global Policy, (Create) form opens with the General tab displayed.

  2. Configure the required parameters.


11 

To assign a NAT pool entry to the NAT pool, click on the NAT Pool Entry tab and click Create. The Nat Pool Entry, Global Policy (Create) form opens.


12 

Configure the required parameters.


13 

Perform one of the following:

  1. If you specified a Zone Type of BASE in Step 4, select a Source Network Interface.

  2. If you specified a Zone Type of IES in Step 4, select a Source IES L3 Access Interface.

  3. If you specified a Zone Type of VPRN in Step 4, select a Source VPRN L3 Access Interface.


14 

Configure the IP Operator parameter in the IP Address panel.

Note: The network interface and IP address configurations are mutually exclusive.


15 

Configure the Port Operator parameter in the Port panel.


16 

Click OK to save the policy and close the form, or click Apply to save the policy. See To release and distribute a policy to release and distribute the policy to NEs.

End of steps