Cisco Cisco ASA 5555-X Adaptive Security Appliance 技术手册
19
XML Examples for the Cisco Application Centric Infrastructure Security Device Package, Version 1.2(1)
Network Address Translation
flow-export destination management-utility 1.2.3.4 1024
flow-export template timeout-rate 120
flow-export delay flow-create 60
flow-export active refresh-interval 30
class netflow_default
flow-export event-type all destination 1.2.3.4
XML Example
<polUni>
<fvTenant name="tenant1">
<vnsLDevVip name="Firewall">
<vnsDevFolder key="NetFlowObjects" name="ObjectA">
<vnsDevFolder key="TemplateAndCollectors" name="TemplateA">
<vnsDevParam key="template_timeout_rate" name="timeout" value="120"/>
<vnsDevParam key="delay_flow_create" name="delay" value="60"/>
<vnsDevParam key="active_refresh_interval" name="refresh" value="30"/>
<vnsDevFolder key="NetFlowCollectors" name="CollectorA">
<vnsDevParam key="status" name="status" value="enable"/>
<vnsDevParam key="host" name="host" value="1.2.3.4"/>
<vnsDevParam key="port" name="port" value="1024"/>
</vnsDevFolder>
</vnsDevFolder>
</vnsDevFolder>
<vnsDevFolder key="GlobalServicePolicy" name="GlobalPolicyA">
<vnsDevParam key="ServicePolicyState" name="PolicyState" value="enable"/>
<vnsDevFolder key="NetFlow" name="NetFlowPolicyA">
<vnsDevFolder key="NetFlowSettings" name="SettingA">
<vnsDevFolder key="ExportAllEvent" name="ExportAll">
<vnsDevParam key="status" name="status" value="enable"/>
<vnsDevParam key="event_destination" name="dest" value="1.2.3.4"/>
</vnsDevFolder>
</vnsDevFolder>
</vnsDevFolder>
</vnsDevFolder>
</vnsLDevVip>
</fvTenant>
</polUni>
Network Address Translation
This XML example sets up the Network Address Translation (NAT) feature on the external interface,
based on the previously created network objects, ilinux1 and olinux1.
based on the previously created network objects, ilinux1 and olinux1.
ASA Configuration
nat (externalIf,internalIf) source static ilinux1 olinux1