Configuring A Class Map For Passive Ftp; Configuring A Policy Map - Cisco 4700M Configuration Manual
Application control engine appliance security
Hide thumbs
Also See for 4700M:
- Administration manual (292 pages) ,
- Upgrade manual (24 pages) ,
- Installation manual (18 pages)
Table of Contents
Advertisement
Configuring Dynamic NAT and PAT
Configuring a Class Map for Passive FTP
Configuring a Policy Map
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
5-16
If you are using passive FTP with source NAT, you must configure an additional
class map to source NAT the passive data connection. You then associate this class
map with the Layer 4 multimatch policy and configure the nat dynamic command
as an action in the policy map under this class map. To configure a class map for
passive FTP, enter the following commands:
host1/C1(config)# class-map match-any FTP_NAT_CLASS
host1/C1(config-cmap)# match virtual address 172.16.35.37 any
You can configure a traffic policy for dynamic NAT and PAT by using the
policy-map command in configuration mode. For more information about policy
maps, see the Cisco 4700 Series Application Control Engine Appliance
Administration Guide.
The syntax of this command is as follows:
policy-map multi-match name
The name argument is the name assigned to the policy map. Enter an unquoted
text string with no spaces and a maximum of 64 alphanumeric characters.
For example, enter:
host1/C1(config)# policy-map multi-match NAT_POLICY
host1/C1(config-pmap)#
To remove a policy map from the configuration, enter:
host1/C1(config)# no policy-map multi-match NAT_POLICY
Associate the previously created class map with the policy map. For example,
enter:
host1/C1(config-pmap)# class NAT_CLASS
host1/C1(config-pmap-c)#
To dissociate a class map from a policy map, enter:
host1/C1(config-pmap)# no class NAT_CLASS
Chapter 5
Configuring Network Address Translation
OL-16202-01
Advertisement
Table of Contents
