Cisco Cisco ASA 5555-X Adaptive Security Appliance 技术手册
20
XML Examples for the Cisco Application Centric Infrastructure Security Device Package, Version 1.2(5)
Network Address Translation
Network Address Translation
This XML example sets up the Network Address Translation (NAT) feature on the external interface,
based on the previously created network objects, ilinux1 and olinux1.
based on the previously created network objects, ilinux1 and olinux1.
ASA Configuration
nat (externalIf,internalIf) source static ilinux1 olinux1
XML Example
<polUni>
<fvTenant name="tenant1">
<vnsAbsGraph name = "WebGraph">
<vnsAbsNode name = "FW1">
<vnsAbsDevCfg>
<vnsAbsFolder key="NATList" name="ListA">
<vnsAbsFolder key="NATRule" name="RuleA">
<vnsAbsParam key="order" name="order" value="3"/>
<vnsAbsFolder key="source_translation" name="source_trans">
<vnsAbsFolder key="mapped_object" name="mapped_object">
<vnsAbsCfgRel key="object_name" name="map_name" targetName="olinux1"/>
</vnsAbsFolder>
<vnsAbsFolder key="real_object" name="real_object">
<vnsAbsCfgRel key="object_name" name="real_name" targetName="ilinux1"/>
</vnsAbsFolder>
<vnsAbsParam key="nat_type" name="nat_type" value="static"/>
</vnsAbsFolder>
</vnsAbsFolder>
</vnsAbsFolder>
</vnsAbsDevCfg>
<vnsAbsFuncCfg>
<vnsAbsFolder key="NATPolicy" name="PolicyA">
<vnsAbsCfgRel key="nat_list_name" name="nat_listA" targetName="ListA"/>
</vnsAbsFolder>
</vnsAbsFuncCfg>
</vnsAbsNode>
</vnsAbsGraph>
</fvTenant>
</polUni>
Intrusion Prevention System
This XML example sets up the Intrusion Prevention System (IPS) feature. The example shows how to
match traffic to a previously created access list, ACL1, and enables IPS as inline and fail-open. Also
included is IPS on internal and global interfaces.
match traffic to a previously created access list, ACL1, and enables IPS as inline and fail-open. Also
included is IPS on internal and global interfaces.
ASA Configuration
class-map ips_internalIf
match access-list ACL1
policy-map internalIf