Cisco Cisco Security Manager 4.3 Guia Do Programador
Cisco Security Manager 4.3 API Specification (Version 1.0)
OL-
26775-01
Page 92
3.1.5.16
InterfaceNATObjectFirewallPolicy
An InterfaceNATObjectFirewallPolicy extends from the base BasePolicy class and inherits all its attributes. An
instance of a InterfaceNATObjectFirewallPolicy specifies the object NAT rules on the device. The base order-id
attribute that is inherited from the base policy specifies the ordering of these rules in the policy.
instance of a InterfaceNATObjectFirewallPolicy specifies the object NAT rules on the device. The base order-id
attribute that is inherited from the base policy specifies the ordering of these rules in the policy.
This policy is only applicable for device ASA version 8.3 or later
The following table defines the contents of an InterfaceNATObjectFirewallPolicy:
Element. Sub Element
Type
Comment
section
Enumeration
Specifies the rule section. Valid values are “1”, “2” and “3”.
Following is the interpretation
Following is the interpretation
“1” Indicates pre-NAT or NAT before rules
“2” Indicates Object NAT rules
“3” Indicates post-NAT or NAT rules after.
For this policy type only “2” is allowed. The BasePolicy orderId
element will specify the “ordering” of the rules within this
section.
element will specify the “ordering” of the rules within this
section.
realInterface
String
Interface string
mappedInterface
String
Interface String
natType
Enumeration
Specifies the type of translation rule either “Static” or
“Dynamic”.
“Dynamic”.
originalObjectGID
String
The source address the NAT rule will translate.
translated
Complex Type
Complex type that specifies whether the translation is based on
either an address or interface.
either an address or interface.
translated.objectGID
Complex Type
Complex Type containing the address definitions
translated.objectGID.ip
v4Data
v4Data
String
A literal IP address.
translated.objectGID.
networkObjectGID
networkObjectGID
Object identifier
An ObjectIdentifier ID that references a Network Policy Object.
translated.objectGID.int
erfaceKeyword
erfaceKeyword
String
A value of “interface” indicates that the interface keyword is
defined for this NAT rule.
defined for this NAT rule.
translated.patPool
Complex Type
On ASA version 8.4.2 and later, a separate PAT Pool for a
Dynamic NAT and PAT rule can be defined. The PAT Pool
addresses are specified using this PAT Pool Address Translation
field. This contains the PAT Pool options.
Dynamic NAT and PAT rule can be defined. The PAT Pool
addresses are specified using this PAT Pool Address Translation
field. This contains the PAT Pool options.
translated.patPool.patA
ddressPool
ddressPool
Complex Type
Containing the address information
translated.patPool.patA
ddressPool.
ddressPool.
Object identifier
An ObjectIdentifier ID that references a Network Policy Object
for PAT Pool.
for PAT Pool.