2. Policy NAT (using static with access-list command)
3. Static NAT (using static command)
4. Static PAT (using static command)
5. Policy NAT (using nat with access-list command)
6. Dynamic NAT (using nat command)
7. Dynamic PAT (using nat command)
Controlling Traffic Flow and Network Access
Firewall security policies are heavily based on strict access control. Network access can be controlled using
access lists on the Security Appliance. Access lists can be configured to filter network traffic as it passes through
the firewall.
ACL Overview and Applications on Security Appliance
Access lists specify criteria for a packet to be permitted or denied and are based on a protocol, a source and
destination IP address or network, and optionally, the source and destination ports. Refer to Chapter 2, "Access
Control," for more details on using access lists for traffic filtering.
Access lists have many applications and can be used in a variety of functions on the Security Appliance,
including the following. The first is the most important:
To control traffic flow and network access through the Security Appliance
To identify addresses for NAT exemption or Policy NAT
To identify traffic for AAA rules
To identify traffic for a class map for MPF
To control route redistribution
To define traffic for IPsec VPN encryption
To define the Webtype ACL for URL filters
ACLs can be used to control traffic flow in both routed and transparent firewall modes.
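The match criteria described above (protocol, source and destination address or network, optional port) can be modeled in a few lines of Python. This is an added example, not taken from the book: it assumes a small subset of the ASA `access-list ... extended` syntax with a numeric destination `eq` port, uses constructed sample entries with documentation addresses, and applies first-match evaluation with the implicit deny at the end of the list.

```python
import ipaddress

# Constructed sample ACL in ASA "access-list ... extended" syntax (documentation addresses).
SAMPLE_ACL = """\
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended deny ip 198.51.100.0 255.255.255.0 any
access-list OUTSIDE_IN extended permit udp any 192.0.2.0 255.255.255.0 eq 53
"""

def _addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'NET MASK'."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_acl(text):
    """Parse access-list entries into dicts, preserving their order."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[2] != "extended":
            continue
        action, proto = tokens[3], tokens[4]
        rest = tokens[5:]
        src, dst = _addr(rest), _addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append({"action": action, "proto": proto, "src": src, "dst": dst, "port": port})
    return rules

def evaluate(rules, proto, src, dst, dport=None):
    """Return 'permit' or 'deny' for a packet; the first matching entry wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["proto"] not in ("ip", proto):
            continue
        if s not in r["src"] or d not in r["dst"]:
            continue
        if r["port"] is not None and r["port"] != dport:
            continue
        return r["action"]
    return "deny"  # implicit deny at the end of every ACL
```

Because evaluation stops at the first match, the HTTPS permit on the first line still applies to sources in 198.51.100.0/24, while the same sources are denied DNS by the second line before the third is ever reached.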