Table of Contents
Advertisement
Command Reference Guide
nat source list <ipv4 acl name> pool <pool name>
Use the nat source list pool command to translate the source Internet Protocol version 4 (IPv4) address to
an IPv4 address within the specified pool of addresses, translating a local private address to global public
address. The translation is applied only to those packets permitted by the specified IPv4 access control list
(ACL), and entering the interface to which the IPv4 access control policy (ACP) is assigned and whose
source IPv4 address falls within the local range of addresses in the specified pool. All firewall associations
are subject to the built-in firewall timers (refer to
command include:
nat source list <ipv4 acl name> pool <pool name>
nat source list <ipv4 acl name> pool <pool name> no-alg
nat source list <ipv4 acl name> pool <pool name> no-alg policy <ipv4 acp name>
nat source list <ipv4 acl name> pool <pool name> policy <ipv4 acp name>
nat source list <ipv4 acl name> pool <pool name> policy <ipv4 acp name> no-alg
Syntax Description
<ipv4 acl name>
pool <pool name>
policy <ipv4 acp name>
no-alg
Default Values
By default, all AOS security features are disabled and there are no configured IPv4 ACP entries.
60000CRG0-35E
ip policy-timeout on page
Specifies the IPv4 ACL against which to check traffic before allowing
packets to enter the interface. All packets not matched by the IPv4 ACL will
be processed by the next IPv4 ACP entry or implicitly discarded if no further
IPv4 ACP entries exist.
Specifies the network address translation (NAT) pool to use for address
mapping. If the source IPv4 address does not fall within the local range of
the specified pool, the packet will be processed by the next IPv4 ACP entry
or implicitly discarded if no further IPv4 ACP entries exist.
Optional. Specifies the IPv4 ACP against which to match traffic. The firewall
attempts to match the specified IPv4 ACP with the IPv4 ACP that is applied
to the packet's egress interface as determined by the routing table or
policy-based routing configuration. If there is a match, the firewall will
process the packet. If there is no match, the firewall will process the packet
based on the next IPv4 ACP entry or implicitly discard it if no further IPv4
ACP entries exist.
Optional. Allows packets matching the IPv4 ACP entry to traverse the
firewall without being processed by the application-level gateways (ALGs).
This parameter, along with the appropriate IPv4 ACL, prevents specific
sources from being processed by the ALGs. For example, this option can
be used to prevent specific hosts from being uniform resource locator (URL)
filtered by configuring an IPv4 ACP entry with the no-alg parameter that
matches specific hosts followed by another IPv4 ACP entry that matches
remaining hosts. The no-alg parameter can be placed before or after the
policy <acp name> parameter.
Copyright © 2012 ADTRAN, Inc.
IPv4 Access Control Policy Command Set
1063). Variations of this
3160
Advertisement
Table of Contents
