Types Of Acls - HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual

Types of ACLs

The Secure Router OS firewall supports two types of ACLs:
standard
extended
If you want to define patterns based solely on source address, you should
configure a standard ACL. If you want to define patterns based on source and
destination addresses and on other fields in the IP, TCP, or UDP header, you
should create an extended ACL. You must create an extended ACL for one-to-
one NAT.
You can create a standard ACL or an extended ACL by entering this command
from the global configuration mode context:
Syntax: ip access-list [standard | extended] <listname>
Replace <listname> with the name you want to assign to the ACL.
Configuring a Standard ACL for Many-to-One NAT. When you config-
ure many-to-one NAT, you should create a standard ACL to select the traffic
that the ProCurve Secure Router will NAT. For example, to create a standard
ACL called Inside, enter:
ProCurve(config)# ip access-list standard Inside
You can then use the following command to select the traffic that you want to
NAT:
Syntax: [permit | deny] [any | host <A.B.C.D> | hostname <hostname> | <A.B.C.D>
<wildcard bits>]
Table 6-2 lists the options for specifying a source address.
Table 6-2. Options for Specifying Source Address
Option
any
host <A.B.C.D>
host <hostname>
<A.B.C.D>
<A.B.C.D> <wildcard bits>
Configuring Network Address Translation
Meaning
match all hosts
specify a single host
specify a single host
specify a single IP address
specify a range of IP addresses
Configuring NAT
6-9