HP ProCurve 7102dl Reference Manual page 430
Secure router sros command line interface
Hide thumbs
Also See for ProCurve 7102dl:
- Configuration manual (1114 pages) ,
- Product end-of-life disassembly instructions (2 pages) ,
- Advanced management and configuration manual (1005 pages)
Table of Contents
Advertisement
SROS Command Line Interface Reference Guide
nat source list
(continued)
nat destination list
5991-2114
policy class entry or implicitly discarded if no further policy class entries exist.
Possible nat source list actions performed by the access policy are as follows:
nat source list <access control list name> address <IP address> overload
nat source list <access control list name> address <IP address> policy
<access policy name>
nat source list <access control list name> interface <interface> overload
nat source list <access control list name> interface <interface> policy
<access policy name>
address <IP address>
The address keyword specifies the IP address from which the translated packets
will be sourced.
interface <interface>
The primary IP address of an interface is used as the source IP for translated
packets when the interface keyword is applied.
policy <access policy name>
When the policy <access policy name> is specified, the firewall attempts to
match the specified access policy with the access policy that is applied to the
packet's egress interface as determined by the routing table or policy-based
routing configuration. If there is a match, the firewall will process the packet. If
there is no match, the firewall will process the packet based on the next policy
class entry or implicitly discard it if no further policy class entries exist.
overload
The overload command is not optional and must be used when using the nat
source list command.
All packets permitted by the specified extended ACL entering the interface that
the policy class is assigned to will translate the destination IP address of the
packet to the specified address and an association will be created in the firewall.
All associations created by the nat destination list are subject to the built-in
ip policy-timeout <protocol> <range> <port>
firewall timers (refer to
<seconds>
on page 433). All packets denied by the extended ACL will be
processed by the next policy class entry or implicitly discarded if no further policy
class entries exist. Possible nat destination list actions performed by the access
policy are as follows:
nat destination list <extended access control list name> address <IP address>
port <port number>
address <IP address>
The address keyword specifies the private IP host to which the translated packets
are destined.
port <port number>
The port keyword is used to translate the original destination port to a
user-specified port.
© Copyright 2007 Hewlett-Packard Development Company, L.P.
Global Configuration Mode Command Set
428
Advertisement
Chapters
Table of Contents
