ADTRAN AOS Version R10.1.0 Command Reference Manual page 3155

Command Reference Guide
nat destination list <ipv4 acl name> pool <pool name>
Use the nat destination list pool command to translate the destination Internet Protocol version 4 (IPv4)
address to an address within the specified pool of addresses, translating a global to local address
association. The translation is applied only to those packets permitted by the specified IPv4 access control
list (ACL), and entering the interface to which the IPv4 access control policy (ACP) is assigned, and to
those packets whose destination IPv4 address falls within the global range of the network address
translation (NAT) pool. All firewall associations are subject to the built-in firewall timers (refer to
policy-timeout on page
nat destination list <ipv4 acl name> pool <pool name>
nat destination list <ipv4 acl name> pool <pool name> no-alg
Syntax Description
<ipv4 acl name>
pool <pool name>
no-alg
Default Values
By default, all AOS security features are disabled and there are no configured IPv4 ACP entries.
Command History
Release 17.4
Functional Notes
AOS IPv4 ACPs are used to allow, discard, or manipulate (using NAT) data for each physical interface.
Each IPv4 ACP consists of an action (allow, discard, nat) and a selector (ACL). When packets are
received on an interface, the configured IPv4 ACPs are applied to determine whether the data will be
processed or discarded.
An implicit discard exists at the end of every IPv4 ACP. Specifying a discard list is
unnecessary in most applications and should be used with caution. A discard list can
adversely affect certain functions of a unit (virtual private network (VPN), routing
protocols, etc.). Specifying an empty IPv4 ACL or a nonexistent IPv4 ACL in an IPv4 ACP
will result in an implicit permit.
60000CRG0-35E
1063). Variations of this command include:
Specifies the IPv4 ACL against which to check traffic before allowing
packets to enter the interface. All packets not matched by the IPv4 ACL will
be processed by the next IPv4 ACP entry or implicitly discarded if no further
IPv4 ACP entries exist.
Specifies the NAT pool to use for address mapping. If the destination IPv4
address does not fall within the global range of the specified pool, the
packet will be processed by the next IPv4 ACP entry or implicitly discarded
if no further IPv4 ACP entries exist.
Optional. Allows packets matching the IPv4 ACP entry to traverse the
firewall without being processed by the application-level gateways (ALGs).
This parameter, along with the appropriate IPv4 ACL, prevents specific
destinations from being processed by the ALGs.
Command was introduced.
Copyright © 2012 ADTRAN, Inc.
IPv4 Access Control Policy Command Set
ip
3155