Table of Contents
Advertisement
Chapter 13: Access Control List Configuration Guide
Table 3
lists the IA features that use ACL profiles:
Table 3. IA Features and ACL Profile Usage
IA Feature
IP policy
Dynamic NAT
Port mirroring
Rate limiting
Web caching
Note the following about using Profile ACLs:
•
Only IP ACLs can be used as Profile ACLs. ACLs for non-IP protocols cannot be used
as Profile ACLs.
•
The permit/deny keywords, while required in the ACL rule definition, are disregarded
in the configuration commands for the above-mentioned features. In other words, the
configuration commands will act upon a specified Profile ACL whether or not the
Profile ACL rule contains the permit or deny keyword.
•
Unlike with other kinds of ACLs, there is no implicit deny rule for Profile ACLs.
•
Only certain ACL rule parameters are relevant for each configuration command. For
example, the configuration command to create NAT address pools for dynamic
bindings (the nat create dynamic command) only looks at the source IP address in the
specified ACL rule. The destination IP address, ports, and TOS parameters, if specified,
are ignored.
Specific usage of Profile ACLs is described in more detail in the following sections.
Using Profile ACLs with the IP Policy Facility
The IP policy facility uses a Profile ACL to define criteria that determines which packets
should be forwarded according to an IP policy. Packets that meet the criteria defined in the
Profile ACL are forwarded according to the ip-policy command that references the Profile
ACL.
220
ACL Profile Usage
Specifies the packets that are subject to the IP routing policy.
Defines local address pools for dynamic bindings.
Defines traffic to be mirrored.
Specifies the incoming traffic flow to which rate limiting is
applied.
Specifies which HTTP traffic should always (or never) be
redirected to the cache servers.
Specifies characteristics of Web objects that should not be cached.
Internet Appliance User Reference Manual
Advertisement
Table of Contents
