nat-map match

Description

Use the nat-map match command to create a NAT map entry that uses match criteria to delineate traffic. Also use this command to change the matching conditions associated with an existing entry.

Syntax

nat-map <NAT map name> <priority value> match acl <ACL name>

nat-map <NAT map name> <priority value> match app <application>

nat-map <NAT map name> <priority value> match dscp {any | <dscp value>}

nat-map <NAT map name> <priority value> match protocol icmp {<source IP address and mask length> | any | any-ipv4 | any-ipv6} {<dest IP address and mask length> | any | any-ipv4 | any-ipv6} [dscp {any | <dscp value>}] [vlan {any | <1..4094> | <interface>.tag | <any>.tag | <interface>.any | <interface>.native}]

nat-map <NAT map name> <priority value> match protocol ip {<source IP address and mask length> | any | any-ipv4 | any-ipv6} {<dest IP address and mask length> | any | any-ipv4 | any-ipv6} [app <application name>] [dscp {any | <dscp value>}] [vlan {any | <1..4094> | <interface>.tag | <any>.tag | <interface>.any | <interface>.native}]

Arguments

<NAT map name>	Specifies the name of the NAT map.
<priority value>	Designates a priority value for the map entry. Acceptable values are from 1 to 65534. By default, the appliance reserves 65535 for the default entry.
match acl <ACL name>	Creates an entry that uses an existing ACL to match traffic. Also use this command to change the ACL associated with an existing entry.
match app <application name>	Creates an entry that uses a built-in or user-defined application—or an application group—to match traffic. Also use this command to change the application associated with an existing entry.
match dscp {<dscp value> | any}	Creates or modifies an entry that matches traffic with a specific DSCP marking. You can use any of the following values: • af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs1, cs2, cs3, cs4, cs5, cs6, cs7, or ef. • any is a wildcard.
match protocol icmp {<source IP address and mask length> | any | any-ipv4 | any-ipv6}	Creates or modifies a NAT map that matches the ICMP protocol. • any matches any IPv4 or IPv6 address • any-ipv4 matches any IPv4 address • any-ipv6 matches any IPv6 address
match protocol ip {<source IP address and mask length> | any | any-ipv4 | any-ipv6}	Creates or modifies a NAT map that matches the IP protocol. • any matches any IPv4 or IPv6 address • any-ipv4 matches any IPv4 address • any-ipv6 matches any IPv6 address
match vlan {any | <1..4094> | <interface>.tag | <any>.tag | <interface>.any | <interface>.native}	Creates or modifies an entry that matches an interface and 802.1q VLAN tag. The available values include: • <1..4094> the number assigned to a VLAN • <interface>.tag as in lan0.10 • <any>.tag as in any.10 • <interface>.any as in lan0.any • <interface>.native as in lan0.native • any is a wildcard.
<source IP address and mask length>	Specifies the source IP address and netmask in slash notation. For example, 192.1.2.0/24 or 2001:db8::/32
<destination IP address and mask length>	Specifies the destination IP address and netmask in slash notation. For example, 192.1.2.0/24 or 2001:db8::/32.

Defaults

None.

Command Mode

Global Configuration Mode

See Also

See the following related commands:

n

“nat-map”

n	“nat-map set”

n	“nat-map activate”

n	“nat-map comment”

n	“no nat-map”

n	“nat-map modify-priority”

n	“show nat-map”

Usage Guidelines

None.

Examples

None.

Please send comments or suggestions regarding user documentation to techpubs@silver-peak.com.