Cisco Cisco ASR 5700
Firewall-and-NAT Policy Configuration Mode Commands
nat policy ▀
Command Line Interface Reference, StarOS Release 17 ▄
5093
ipv6-only
Enables NAT processing for IPv6 in the Firewall-and-NAT policy.
default-nat-realm nat_realm_name
Specifies the default NAT realm for the Firewall-and-NAT policy.
nat_realm_name
must be the name of an existing NAT realm, and must be an alphanumeric string of 1
through 31 characters.
fw-and-nat-action action_name
Specifies the Firewall-and-NAT action name.
action_name
must be an alphanumeric string of 1 through 63 characters.
Usage
Use this command to enable/disable IPv4 and/or IPv6 NAT support for all subscribers using a Firewall-and-
NAT policy.
In release 8.1, to enable NAT support for a subscriber, Stateful Firewall must also be enabled for that
subscriber. See the
NAT policy.
In release 8.1, to enable NAT support for a subscriber, Stateful Firewall must also be enabled for that
subscriber. See the
firewall policy
CLI command.
Once NAT is enabled for a subscriber, the NAT IP address to be used is chosen from the NAT realms
specified in the rules. See the
specified in the rules. See the
access-rule
CLI command.
You can enable/disable NAT at any time, however the changed NAT status will not be applied to active calls.
The new NAT status will only be applied to new calls.
The new NAT status will only be applied to new calls.
Example
The following command enables NAT support in a Firewall-and-NAT policy:
nat policy nat-required
The following command disables NAT support in a Firewall-and-NAT policy:
no nat policy
The following command enables IPv4 and IPv6 NAT support in a Firewall-and-NAT policy:
nat policy ipv4-and-ipv6