Nat Policies; Table 6 Nat Policy Attributes And Packet Matching Criteria - Alcatel-Lucent 7705 Configuration Manual

NAT Policies

A NAT policy defines the method by which NAT should be applied to traffic that is inbound
to or outbound from a NAT zone. Policies can vary from subscriber to subscriber and are
applied to zones at the time the zone is created. NAT policies are all of type NPAT, meaning
that they use both a network address translation and port address translation mechanism.
Within a NAT policy, a specific set of matching criteria can be configured. If there is a match
on a packet, an action is applied. If the action is NAT, the packet has NAT applied to it based
on the configured NAT pool IP address and ports.
NAT policy attributes and packet matching criteria are described in
7705 SAR OS Router Configuration Guide
Note: A security policy is a template that can be applied to multiple zones.
Table 6: NAT Policy Attributes and Packet Matching Criteria
Attribute
Action
Packet flow direction
Match (protocol ID)
Source IP
Description
Specifies how a packet is handled if a
criteria is matched. If the zone finds a
match for all the specified criteria, then it
performs the specified actions on the
packet. If there is no match, the packet is
dropped. The supported actions are
forward, reject, and nat.
Specifies whether the policy matching
criteria is applied to packets that are
inbound to a zone, outbound from a zone,
or to both inbound and outbound packets.
The supported directions are zone-
inbound, zone-outbound, and both.
Specifies a protocol ID (TCP, UDP,
ICMP) that the protocol specification of
the packet must match
Specifies an explicit source IP address for
the match criteria of the rule. Packets
being processed by a zone are evaluated
for a match to the specified source IP.
IP Router Configuration
Table 6.
CLI Command
action
direction
match
src-ip
49