Cisco Cisco Security Manager 4.4 Guia De Especificaciones
Cisco Security Manager 4.4 API Specification (Version 1.1)
OL- 29074-01
Page 87
3.1.5.14
InterfaceNATPolicyDynamicRulesFirewallPolicy
An InterfaceNATPolicyDynamicRulesFirewallPolicy extends from the base BasePolicy class and inherits all its
attributes. An instance of a InterfaceNATPolicyDynamicRulesFirewallPolicy specifies dynamic translation rules
based on source and destination addresses and services. Rules are evaluated sequentially in the order listed.
attributes. An instance of a InterfaceNATPolicyDynamicRulesFirewallPolicy specifies dynamic translation rules
based on source and destination addresses and services. Rules are evaluated sequentially in the order listed.
This policy is applicable for PIX, FWSM and pre-ASA 8.3.
The following table defines the contents of an InterfaceNATPolicyDynamicRulesFirewallPolicy:
Element. Sub Element
Type
Comment
isRuleEnabled
boolean
If true, the rule is enabled and false indicates that the rule is
disabled.
disabled.
realInterfaceGID
ObjectIdentifier
Maps to the the device interface role policy object to which the
rule applies.
rule applies.
poolId
Unsigned Int
The ID number of the pool of addresses used for translation. A
value of zero to specify this as an identity NAT rule.
value of zero to specify this as an identity NAT rule.
original
Complex Type
Complex type containing IP addresses for the source hosts and
network objects to which the rule applies. Can contain multiple
literal IP addresses and/or reference to network/interface role
policy objects
network objects to which the rule applies. Can contain multiple
literal IP addresses and/or reference to network/interface role
policy objects
original.ipv4Data
String
A literal IP Address.
original.
interfaceRoleObjectGI
Ds
interfaceRoleObjectGI
Ds
ObjectIdentifierList
List of interface role policy objects.
original.
networkObjectGIDs
networkObjectGIDs
Object identifier
An ObjectIdentifier ID that references a Network Policy Object.
outsideNAT
Boolean
If true, indicates the “outside” keyword is present on this NAT
rule.
rule.
destinations
Complex Type
Complex type containing IP addresses for the destination hosts
and network objects to which the rule applies. Can contain
multiple literal IP addresses and/or reference to network/interface
role policy objects
multiple literal IP addresses and/or reference to network/interface
role policy objects
destinations.ipv4Data
String
A literal IP address.
destinations.
interfaceRoleObjectGI
Ds
interfaceRoleObjectGI
Ds
ObjectIdentifierList
List of interface role policy objects.
destinations.
networkObjectGID
networkObjectGID
Object identifier
An ObjectIdentifier ID that references a Network Policy Object.
services
Complex Type
Complex type containing services to which the rule applies. This
can be a combination of service information in the format
protocol/source-port/destination-port and/or references to Service
Policy object
protocol/source-port/destination-port and/or references to Service
Policy object
services.serviceData
String
The syntax for service specification is:
{tcp | udp | tcp&udp}/{source_port_number |
{tcp | udp | tcp&udp}/{source_port_number |