ip nat

Configure NAT

nat Specification

Type	Intermediate Resource
Element Name	nat
Element URI	/axapi/v3/ip/nat
Element Attributes	nat_attributes
Schema	nat schema

Operations Allowed:

Operation	Method	URI	Payload
Get Object	GET	/axapi/v3/ip/nat	nat_attributes

nat attributes

alg

Description: alg is a JSON Block. Please see below for alg

Type: Object

Reference Object: /axapi/v3/ip/nat/alg

icmp

Description: icmp is a JSON Block. Please see below for icmp

Type: Object

Reference Object: /axapi/v3/ip/nat/icmp

inside

Description: inside is a JSON Block. Please see below for inside

Type: Object

Reference Object: /axapi/v3/ip/nat/inside

nat-global

Description: nat-global is a JSON Block. Please see below for nat-global

Type: Object

Reference Object: /axapi/v3/ip/nat/nat-global

pool-group-list

Type: List

Reference Object: /axapi/v3/ip/nat/pool-group/{pool-group-name}

pool-list

Type: List

Reference Object: /axapi/v3/ip/nat/pool/{pool-name}

range-list-list

Type: List

Reference Object: /axapi/v3/ip/nat/range-list/{name}

template

Description: template is a JSON Block. Please see below for template

Type: Object

Reference Object: /axapi/v3/ip/nat/template

translation

Description: translation is a JSON Block. Please see below for translation

Type: Object

Reference Object: /axapi/v3/ip/nat/translation

range-list-list

Specification
Type	list
Block object keys

global-netmaskv4

Description Mask for this Address range

Type: string

Format: ipv4-netmask

global-start-ipv4-addr

Description Global Start IPv4 Address of this list

Type: string

Format: ipv4-address

global-start-ipv6-addr

Description Global Start IPv6 Address of this list

Type: string

Format: ipv6-address-plen

local-netmaskv4

Description Mask for this Address range

Type: string

Format: ipv4-netmask

local-start-ipv4-addr

Description Local Start IPv4 Address of this list

Type: string

Format: ipv4-address

local-start-ipv6-addr

Description Local Start IPv6 Address of this list

Type: string

Format: ipv6-address-plen

name

Description Name for this Static List

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

v4-acl-id

Description Access list ID

Type: number

Range: 1-199

v4-acl-name

Description Access list name

Type: string

Maximum Length: 16 characters

Maximum Length: 1 characters

v4-count

Description Number of addresses to be translated in this range

Type: number

Range: 1-200000

v4-vrid

Description VRRP-A vrid (Specify ha VRRP-A vrid)

Type: number

Range: 1-31

Reference Object: /axapi/v3/vrrp-a/vrid

v6-acl-name

Description Access list name

Type: string

Maximum Length: 16 characters

Maximum Length: 1 characters

v6-count

Description Number of addresses to be translated in this range

Type: number

Range: 1-200000

v6-vrid

Description VRRP-A vrid (Specify ha VRRP-A vrid)

Type: number

Range: 1-31

Reference Object: /axapi/v3/vrrp-a/vrid

alg

Specification
Type	object

pptp

Description: pptp is a JSON Block. Please see below for alg_pptp

Type: Object

Reference Object: /axapi/v3/ip/nat/alg/pptp

alg_pptp

Specification
Type	object

pptp

Description ‘disable’: Disable PPTP NAT ALG; ‘enable’: Enable PPTP NAT ALG;

Type: string

Supported Values: disable, enable

Default: disable

sampling-enable

Type: List

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

alg_pptp_sampling-enable

Specification
Type	list
Block object keys

counters1

Description ‘all’: all; ‘current-smp-sessions’: some help string; ‘current-gre-sessions’: some help string; ‘smp-session-creation-failure’: some help string; ‘truncated-pns-message’: some help string; ‘truncated-pac-message’: some help string; ‘mismatched-pns-call-id’: some help string; ‘mismatched-pac-call-id’: some help string; ‘retransmitted-pns-message’: some help string; ‘retransmitted-pac-message’: some help string; ‘truncated-gre-packet’: some help string; ‘unknown-gre-version’: some help string; ‘no-matching-gre-session’: some help string;

Type: string

Supported Values: all, current-smp-sessions, current-gre-sessions, smp-session-creation-failure, truncated-pns-message, truncated-pac-message, mismatched-pns-call-id, mismatched-pac-call-id, retransmitted-pns-message, retransmitted-pac-message, truncated-gre-packet, unknown-gre-version, no-matching-gre-session

pool-group-list

Specification
Type	list
Block object keys

member-list

Type: List

Reference Object: /axapi/v3/ip/nat/pool-group/{pool-group-name}/member/{pool-name}

pool-group-name

Description Specify pool group name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

sampling-enable

Type: List

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

vrid

Description Specify VRRP-A vrid (Specify ha VRRP-A vrid)

Type: number

Range: 1-31

Reference Object: /axapi/v3/vrrp-a/vrid

pool-group-list_sampling-enable

Specification
Type	list
Block object keys

counters1

Description ‘all’: all; ‘Failed’: some-help-string;

Type: string

Supported Values: all, Failed

pool-group-list_member-list

Specification
Type	list
Block object keys

pool-name

Description Specify NAT pool name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

nat-global

Specification
Type	object

sampling-enable

Type: List

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

nat-global_sampling-enable

Specification
Type	list
Block object keys

counters1

Description ‘all’: all; ‘cross_cpu_helper_created’: Cross CPU Helper Created; ‘cross_cpu_helper_free’: Cross CPU Helper Free; ‘cross_cpu_sent’: Cross CPU Helper Packets Sent; ‘cross_cpu_rcv’: Cross CPU Helper Packets Received; ‘cross_cpu_helper_nat_pool_standby’: Cross CPU Helper Standby; ‘cross_cpu_helper_cpu_mismatch’: Cross CPU Helper CPU Mismatch; ‘cross_cpu_bad_l3’: Cross CPU Unsupported L3; ‘cross_cpu_bad_l4’: Cross CPU Unsupported L4; ‘cross_cpu_no_session’: Cross CPU No Session Found; ‘cross_cpu_helper_deleted’: Cross CPU Helper Deleted; ‘cross_cpu_helper_free_retry_lookup’: Cross CPU Helper Free Retry Lookup; ‘cross_cpu_helper_free_not_found’: Cross CPU Helper Free Not Found;

Type: string

Supported Values: all, cross_cpu_helper_created, cross_cpu_helper_free, cross_cpu_sent, cross_cpu_rcv, cross_cpu_helper_nat_pool_standby, cross_cpu_helper_cpu_mismatch, cross_cpu_bad_l3, cross_cpu_bad_l4, cross_cpu_no_session, cross_cpu_helper_deleted, cross_cpu_helper_free_retry_lookup, cross_cpu_helper_free_not_found

template

Specification
Type	object

logging-list

Type: List

Reference Object: /axapi/v3/ip/nat/template/logging/{name}

template_logging-list

Specification
Type	list
Block object keys

facility

Description ‘kernel’: 0: Kernel; ‘user’: 1: User-level; ‘mail’: 2: Mail; ‘daemon’: 3: System daemons; ‘security-authorization’: 4: Security/authorization; ‘syslog’: 5: Syslog internal; ‘line-printer’: 6: Line printer; ‘news’: 7: Network news; ‘uucp’: 8: UUCP subsystem; ‘cron’: 9: Time-related; ‘security-authorization-private’: 10: Private security/authorization; ‘ftp’: 11: FTP; ‘ntp’: 12: NTP; ‘audit’: 13: Audit; ‘alert’: 14: Alert; ‘clock’: 15: Clock-related; ‘local0’: 16: Local use 0; ‘local1’: 17: Local use 1; ‘local2’: 18: Local use 2; ‘local3’: 19: Local use 3; ‘local4’: 20: Local use 4; ‘local5’: 21: Local use 5; ‘local6’: 22: Local use 6; ‘local7’: 23: Local use 7;

Type: string

Supported Values: kernel, user, mail, daemon, security-authorization, syslog, line-printer, news, uucp, cron, security-authorization-private, ftp, ntp, audit, alert, clock, local0, local1, local2, local3, local4, local5, local6, local7

Default: local0

include-destination

Description Include the destination IP and port in logs

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

include-rip-rport

Description Include the IP and port of real server in logs

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

log

Description: log is a JSON Block. Please see below for template_logging-list_log

Type: Object

name

Description NAT logging template name

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

service-group

Description Set NAT logging service-group

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/slb/service-group

severity

Description: severity is a JSON Block. Please see below for template_logging-list_severity

Type: Object

source-port

Description: source-port is a JSON Block. Please see below for template_logging-list_source-port

Type: Object

user-tag

Description Customized tag

Type: string

Format: string-rlx

Maximum Length: 127 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

template_logging-list_severity

Specification
Type	object

severity-string

Description ‘emergency’: 0: Emergency; ‘alert’: 1: Alert; ‘critical’: 2: Critical; ‘error’: 3: Error; ‘warning’: 4: Warning; ‘notice’: 5: Notice; ‘informational’: 6: Informational; ‘debug’: 7: Debug;

Type: string

Supported Values: emergency, alert, critical, error, warning, notice, informational, debug

Default: debug

Mutual Exclusion: severity-string and severity-val are mutually exclusive

severity-val

Description Logging severity level

Type: number

Range: 0-7

Default: 7

Mutual Exclusion: severity-val and severity-string are mutually exclusive

template_logging-list_log

Specification
Type	object

port-mappings

Description ‘creation’: Log creation of NAT mappgins; ‘disable’: Disable Log creation and deletion of NAT mappings;

Type: string

Supported Values: creation, disable

template_logging-list_source-port

Specification
Type	object

any

Description Use any source port

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: any and source-port-num are mutually exclusive

source-port-num

Description Set source port for sending NAT syslogs (default: 514)

Type: number

Range: 1-65535

Default: 514

Mutual Exclusion: source-port-num and any are mutually exclusive

translation

Specification
Type	object

icmp-timeout

Description: icmp-timeout is a JSON Block. Please see below for translation_icmp-timeout

Type: Object

ignore-tcp-msl

Description reclaim TCP resource immediately without MSL

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

service-timeout-list

Type: List

Reference Object: /axapi/v3/ip/nat/translation/service-timeout/{service-type}+{port}

tcp-timeout

Description TCP protocol extended translations (Timeout in seconds (Interval of 60 seconds), default is 300 seconds (5 minutes))

Type: number

Range: 2-15000

Default: 300

udp-timeout

Description UDP protocol extended translations (Timeout in seconds (Interval of 60 seconds), default is 300 seconds (5 minutes))

Type: number

Range: 2-15000

Default: 300

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

translation_service-timeout-list

Specification
Type	list
Block object keys

port

Description Port Number

Type: number

Range: 1-65535

service-type

Description ‘tcp’: TCP Protocol; ‘udp’: UDP Protocol;

Type: string

Supported Values: tcp, udp

timeout-type

Description ‘age’: Expiration time; ‘fast’: Use Fast aging;

Type: string

Supported Values: age, fast

timeout-val

Description Timeout in seconds (Interval of 60 seconds)

Type: number

Range: 2-15000

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

translation_icmp-timeout

Specification
Type	object

icmp-timeout

Description ‘age’: Expiration time; ‘fast’: Use Fast aging;

Type: string

Supported Values: age, fast

Default: fast

icmp-timeout-val

Description Timeout in seconds (Interval of 60 seconds)

Type: number

Range: 2-15000

icmp

Specification
Type	object

always-source-nat-errors

Description Source NAT intermediate routers’ IPs for ICMP errors (default: disabled)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

respond-to-ping

Description Respond to ICMP echo requests to NAT pool IPs (default: disabled)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

inside

Specification
Type	object

source

Description: source is a JSON Block. Please see below for inside_source

Type: Object

Reference Object: /axapi/v3/ip/nat/inside/source

inside_source

Specification
Type	object

class-list

Description: class-list is a JSON Block. Please see below for inside_source_class-list

Type: Object

Reference Object: /axapi/v3/ip/nat/inside/source/class-list

list

Description: list is a JSON Block. Please see below for inside_source_list

Type: Object

Reference Object: /axapi/v3/ip/nat/inside/source/list

static-list

Type: List

Reference Object: /axapi/v3/ip/nat/inside/source/static/{src-address}+{nat-address}

inside_source_static-list

Specification
Type	list
Block object keys

action

Description ‘enable’: Enable static mapping (default); ‘disable’: Disable static mapping;

Type: string

Supported Values: enable, disable

Default: enable

nat-address

Description NAT Address

Type: string

Format: ipv4-address

src-address

Description Original Source Address

Type: string

Format: ipv4-address

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

vrid

Description VRRP-A vrid (Specify ha VRRP-A vrid)

Type: number

Range: 1-31

Reference Object: /axapi/v3/vrrp-a/vrid

inside_source_list

Specification
Type	object

acl-id-list-list

Type: List

Reference Object: /axapi/v3/ip/nat/inside/source/list/acl-id-list/{acl-id}

acl-name-list-list

Type: List

Reference Object: /axapi/v3/ip/nat/inside/source/list/acl-name-list/{name}

inside_source_list_acl-id-list-list

Specification
Type	list
Block object keys

acl-id

Description Acl id

Type: number

Range: 1-199

Reference Object: /axapi/v3/access-list/standard

msl

Description Maximum Session Life Value

Type: number

Range: 1-1800

pool

Description Pool or Pool Group (Pool or Pool Group Name)

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/ip/nat/pool

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

inside_source_list_acl-name-list-list

Specification
Type	list
Block object keys

msl

Description Maximum Session Life Value

Type: number

Range: 1-1800

name

Description Apply an access list

Type: string

Maximum Length: 16 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/ip/access-list

pool

Description Pool or Pool Group (Pool or Pool Group Nam)

Type: string

Format: string-rlx

Maximum Length: 128 characters

Maximum Length: 1 characters

Reference Object: /axapi/v3/ip/nat/pool

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

inside_source_class-list

Specification
Type	object

name

Description Class List Name

Type: string

Maximum Length: 63 characters

Maximum Length: 1 characters

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

pool-list

Specification
Type	list
Block object keys

end-address

Description Configure end IP address of NAT pool

Type: string

Format: ipv4-address

ethernet

Description Ethernet interface

Type: number

Format: interface

gateway

Description Configure gateway IP

Type: string

Format: ipv4-address

ip-rr

Description Use IP address round-robin behavior

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

netmask

Description Configure mask for pool

Type: string

Format: ipv4-netmask-brief

pool-name

Description Specify pool name or pool group

Type: string

Format: string-rlx

Maximum Length: 63 characters

Maximum Length: 1 characters

port-overload

Description Nat Pool Port overload

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

scaleout-device-id

Description Configure Scaleout device id to which this NAT pool is to be bound (Specify Scaleout device id)

Type: number

Range: 1-16

start-address

Description Configure start IP address of NAT pool

Type: string

Format: ipv4-address

Mutual Exclusion: start-address and use-if-ip are mutually exclusive

use-if-ip

Description Use Interface IP

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

Mutual Exclusion: use-if-ip and start-address are mutually exclusive

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Maximum Length: 1 characters

vrid

Description Configure VRRP-A vrid (Specify ha VRRP-A vrid)

Type: number

Range: 1-31

Reference Object: /axapi/v3/vrrp-a/vrid