Cisco Packet Data Gateway (PDG) Troubleshooting Guide
ACS Rulebase Configuration Mode Commands
firewall priority
Cisco ASR 5000 Series Command Line Interface Reference
OL-22947-02
Permits packets.
: Specifies the NAT realm to be used for performing NAT on
subscriber packets matching the firewall ruledef.
If the NAT realm is not specified, then NAT will be bypassed. That is, NAT will not be applied on
subscriber packets that are matching a firewall ruledef with no NAT realm name configured.
specifies the NAT realm name, and must be a string of 1 through 31 characters
in length.
: Specifies that packets bypass NAT.
Important:
If the
is not configured, NAT is performed if the
CLI command is configured with the
option.
: Permits packets if the rule is matched, and allows the creation of data
flows for firewall. Optionally a port trigger can be specified to be used for this rule to limit the range
of auxiliary data connections (a single or range of port numbers) for protocols having control and
data connections (like FTP). The trigger port will be the destination port of an association which
matches a rule.
: Specifies the number of auxiliary ports to open for traffic, and must be
an integer from 1 through 65535.
: Specifies the range of ports to
open for subscriber traffic.
must be an integer from 1 through 65535. This is the start
of the port range and must be less than
.
must be an integer from 1 through 65535. This is the end of
the port range and must be greater than
.
Specifies the direction from which the auxiliary connection is initiated. This direction can be same as the
direction of control connection, or the reverse of the control connection direction, or in both directions.
: Provides the trigger to open port for traffic in either direction of the control connection.
: Provides the trigger to open port for traffic in the reverse direction of the control connection
(from where the connection is initiated).
: Provides the trigger to open port for traffic in the same direction of the control connection (from
where the connection is initiated).
Usage
Use this command to add firewall ruledefs to the rulebase and configure the priority, type, and port triggers.
Port trigger configuration is optional. Port trigger can be configured only if a rule action is permit.
The rulebase specifies the firewall rules to be applied on the calls. The ruledefs within a rulebase have
priorities, based on which priority matching is done. Once a rule is matched and the rule action is permit, if
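The constraints stated above (a port trigger only on a permit rule, ports from 1 through 65535, range start less than range end, a same/reverse/both direction, priority-ordered matching) can be checked with a small model. This is an added Python example, not Cisco code or CLI syntax. The class and function names, matching on destination port only, and evaluating the lowest priority number first are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class PortTrigger:
    start: int
    end: Optional[int]   # None models a single-port trigger
    direction: str       # "same", "reverse" or "both"

@dataclass(frozen=True)
class RuleEntry:
    priority: int
    ruledef: str         # hypothetical ruledef name
    dst_port: int        # constructed stand-in for the ruledef's match condition
    action: str          # "permit" or "deny"
    trigger: Optional[PortTrigger] = None

def validate(entry: RuleEntry) -> List[str]:
    """Return violations of the constraints the reference states for one entry."""
    t, errors = entry.trigger, []
    if t is None:        # port trigger configuration is optional
        return errors
    if entry.action != "permit":
        errors.append("port trigger allowed only when the action is permit")
    if any(not 1 <= p <= 65535 for p in (t.start, t.start if t.end is None else t.end)):
        errors.append("port must be an integer from 1 through 65535")
    if t.end is not None and t.start >= t.end:
        errors.append("range start must be less than range end")
    if t.direction not in ("same", "reverse", "both"):
        errors.append("direction must be same, reverse or both")
    return errors

def first_match(rulebase: List[RuleEntry], dst_port: int) -> Optional[RuleEntry]:
    """Assumption: the entry with the lowest priority number is evaluated first."""
    ordered = sorted(rulebase, key=lambda e: e.priority)
    return next((e for e in ordered if e.dst_port == dst_port), None)

def trigger_opens(entry: RuleEntry, aux_port: int, same_direction: bool) -> bool:
    """True if the entry's trigger covers an auxiliary connection to aux_port."""
    t = entry.trigger
    if entry.action != "permit" or t is None or validate(entry):
        return False
    wanted = "same" if same_direction else "reverse"
    return t.start <= aux_port <= (t.end or t.start) and t.direction in (wanted, "both")

# Constructed rulebase: FTP control on port 21 with a passive-mode data port range.
RULEBASE = [RuleEntry(20, "deny-telnet", 23, "deny"),
            RuleEntry(10, "ftp-control", 21, "permit", PortTrigger(50000, 50100, "same"))]
```

Running `validate` over every entry before a change is pushed catches a trigger attached to a deny rule or an inverted range, and `trigger_opens` shows how narrow the auxiliary window stays for a given trigger.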