IP Router Configuration 
7705 SAR OS Router Configuration Guide
NAT Policies
A NAT policy defines the method by which NAT should be applied to traffic that is inbound 
to or outbound from a NAT zone. Policies can vary from subscriber to subscriber and are 
applied to zones at the time the zone is created. NAT policies are all of type NPAT, meaning 
that they use both a network address translation and port address translation mechanism. 
Within a NAT policy, a specific set of matching criteria can be configured. If there is a match 
on a packet, an action is applied. If the action is NAT, the packet has NAT applied to it based 
on the configured NAT pool IP address and ports.
NAT policy attributes and packet matching criteria are described in Table 6.
Note: A security policy is a template that can be applied to multiple zones.
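The evaluation described above, modelled in Python as an added example (not Nokia code and not 7705 SAR CLI syntax), using the action, direction, match, and src-ip attributes listed in Table 6. First-match ordering across entries, translation of the source address and port, the pool-exhaustion behaviour, and the sample addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    protocol: str    # "tcp", "udp" or "icmp"
    src_ip: str
    src_port: int
    direction: str   # "zone-inbound" or "zone-outbound"

@dataclass
class Entry:
    action: str                     # "forward", "reject" or "nat"
    direction: str = "both"         # "zone-inbound", "zone-outbound" or "both"
    protocol: Optional[str] = None  # None: criterion not configured
    src_ip: Optional[str] = None    # address or prefix; None: not configured

    def matches(self, pkt: Packet) -> bool:
        # All configured criteria must match for the action to apply.
        if self.direction not in ("both", pkt.direction):
            return False
        if self.protocol is not None and self.protocol != pkt.protocol:
            return False
        if self.src_ip is not None:
            net = ipaddress.ip_network(self.src_ip)
            return ipaddress.ip_address(pkt.src_ip) in net
        return True

class NatPolicy:
    def __init__(self, entries, pool_ip, pool_ports):
        self.entries, self.pool_ip = entries, pool_ip
        self.free_ports = list(pool_ports)
        self.bindings = {}  # (protocol, src_ip, src_port) -> pool port

    def evaluate(self, pkt: Packet):
        """Return (action, packet). A packet matching no entry is dropped."""
        for entry in self.entries:  # assumption: first matching entry wins
            if not entry.matches(pkt):
                continue
            if entry.action != "nat":
                return entry.action, pkt
            key = (pkt.protocol, pkt.src_ip, pkt.src_port)
            if key not in self.bindings:
                if not self.free_ports:
                    return "drop", pkt  # assumption: exhausted pool drops
                self.bindings[key] = self.free_ports.pop(0)
            # NPAT: both address and port are rewritten from the pool.
            return "nat", Packet(pkt.protocol, self.pool_ip,
                                 self.bindings[key], pkt.direction)
        return "drop", pkt
```

Because unmatched traffic is dropped, a policy of this shape behaves as an allow-list: every flow that should traverse the zone needs an explicit entry.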
Table 6: NAT Policy Attributes and Packet Matching Criteria

| Attribute | Description | CLI Command |
|---|---|---|
| Action | Specifies how a packet is handled if a criterion is matched. If the zone finds a match for all the specified criteria, then it performs the specified actions on the packet. If there is no match, the packet is dropped. The supported actions are forward, reject, and nat. | action |
| Packet flow direction | Specifies whether the policy matching criteria are applied to packets that are inbound to a zone, outbound from a zone, or to both inbound and outbound packets. The supported directions are zone-inbound, zone-outbound, and both. | direction |
| Match (protocol ID) | Specifies a protocol ID (TCP, UDP, ICMP) that the protocol specification of the packet must match. | match |
| Source IP | Specifies an explicit source IP address for the match criteria of the rule. Packets being processed by a zone are evaluated for a match to the specified source IP. | src-ip |